A SEMINAR REPORT
UNIVERSITY OF ILORIN, ILORIN, KWARA STATE.
NAME: SUCCESS ZION ONORUOIZA
MATRIC NO.: 18/52HA139
SUPERVISOR: DR. MRS. MABAYOJE

MITIGATING SOCIAL ENGINEERING ATTACKS: PENETRATION TESTING METHODS IN COMPUTER SCIENCE DEPARTMENT AT THE UNIVERSITY OF ILORIN.
PRESENTATION OUTLINE
01 INTRODUCTION
02 STATEMENT OF PROBLEM
03 AIM OF THE STUDY
04 OBJECTIVES
05 LITERATURE REVIEW
06 RESEARCH METHODOLOGY
07 SIGNIFICANCE OF STUDY
08 REFERENCES
01 INTRODUCTION

The advancements in modern information technologies have revolutionized various aspects of our lives, including business, communication, and access to services. While these advancements bring convenience and connectivity, they also expose us to risks, particularly cyberattacks. Cyberattacks pose a significant threat to sensitive information and personal data, with social engineering attacks being a prevalent method. Cyberattacks, especially social engineering attacks, are not limited to individuals and can target organizations, schools, and governments. Effective security measures, such as penetration testing, are crucial to protect against these threats.

“The education sector experiences the highest number of malware attacks, primarily attributed to a significant prevalence of social engineering attacks, as stated in the recent report by Microsoft's Threat Intelligence Platform.”
02 STATEMENT OF PROBLEM

The tertiary education sector is highly vulnerable to cyberattacks, particularly social engineering attacks, because of a lack of attention to security, which increases the risk of malware attacks and compromises sensitive information. Unauthorized access to student and staff data can lead to severe consequences, including manipulation of results. The University of Ilorin (UNILORIN) uses a web-based management system that requires regular penetration testing, specifically targeting social engineering techniques, to identify and address security loopholes.

“Amateurs hack systems, professionals hack people.” - Bruce Schneier
03 - 04 THE AIMS AND OBJECTIVES OF THE STUDY

This project aims to investigate the role of social engineering in penetration testing and to suggest methods of mitigating social engineering attacks, using the University of Ilorin's computer science department as a case study.

Objectives:
1. To review some existing literature on social engineering in penetration testing, including the types of social engineering techniques that are commonly used, the effectiveness of such techniques, and how to avoid or mitigate such attacks.
2. To conduct a penetration test on the UNILORIN students and staff portal using phishing, tailgating, pretexting, and quid pro quo social engineering techniques.
3. To analyze the results of the penetration test and assess the effectiveness of social engineering in breaching the security of the UNILORIN portal.
4. To provide recommendations for improving the security of the UNILORIN portal against social engineering attacks.
05 LITERATURE REVIEW
A. REVIEW OF RELATED CONCEPTS
B. REVIEW OF RELATED WORKS
05_ LITERATURE REVIEW
A. Related Concepts

Phishing
As proposed by Khonji, Iraqi, & Jones (2013), phishing attacks are semantic attacks that leverage electronic communication channels, including e-mail, HTTP, SMS, VoIP, etc. The objective of these attacks is to deliver socially engineered messages that persuade victims to undertake specific actions, without any limitation on the nature of these actions, ultimately benefiting the attacker.
05_ LITERATURE REVIEW

Pretexting
Impersonation is considered a highly effective strategy in social engineering due to its ease of execution and the ability to conceal the true identities of the perpetrators (Redmon, 2005). Pretexting, a widely employed impersonation technique, involves obtaining information through deceptive means. It goes beyond mere falsehoods, requiring extensive research on the targeted individual prior to the execution of the attack (Ivaturi & Janczewski, 2011).
05_ LITERATURE REVIEW

Baiting
Baiting shares similarities with phishing attacks but employs enticing strategies to lure victims. In baiting, hackers entice users by promising rewards or goods in exchange for surrendering their login credentials to a specific website. Baiting schemes extend beyond digital and online methods and can also be executed using physical media (Conteh & Schmick, 2016).
05_ LITERATURE REVIEW

Psychological Manipulation
Social engineers apply the principles of psychological manipulation and persuasion to deceive people into performing actions, or giving out confidential information, that they normally would not. Robert Cialdini, a psychologist, stated six principles of persuasion that work on the human mind, based on observations and research: reciprocation, commitment and consistency, social proof, liking, authority, and scarcity.
05_LITERATURE REVIEW
B. RELATED WORKS

Columns of the original table: title of paper/journal & year, authors, limitations, objectives, methodology, results.

PENETRATION TESTING THROUGH SOCIAL ENGINEERING (1996)
John P. Ceraolo
Limitations: The researcher did not carry out attacks on multiple organizations but on different departments of a single organization; hence, the result is not really comprehensive.
Objectives: To conduct six case studies of different social engineering attack scenarios using vishing and assess its effectiveness in penetration testing of an organization.
Methodology: Quantitative research method, carrying out attacks through vishing in six different cases in the organization.
Results: The penetration tests were successful in each of the six cases where they were carried out, showing that the staff of the organization did not have any form of awareness.

SOCIAL ENGINEERING AND CYBER SECURITY (2017)
Breda F., Barbosa H., Morais T.
Limitations: Suggested that further research should be carried out on how social engineering attacks can be reduced to the bare minimum, and to advise good practices for individuals and organizations.
Objectives: To examine recurrent social engineering techniques used by attackers, as well as revealing a basic complementary technical methodology to conduct effective exploits.
Methodology: Using the Social Engineering Toolkit provided on Kali Linux, a basic credential harvesting attack using phishing was carried out.
Results: The cloned website created by the Social Engineering Toolkit worked and returned the authentication credentials to the attacker.
05_LITERATURE REVIEW
B. RELATED WORKS CONTD.

PENETRATION TESTING FOR INTERNET OF THINGS AND ITS AUTOMATION (2018)
Ge Chu and Alexei Lisitsa
Limitations: Could not carry out real-life attacks and tests. Simulated attacks were carried out, but the results of the attacks are not as reliable as real-life attacks.
Objectives: To analyze the security problems of IoT and propose a penetration testing approach and its automation based on the belief-desire-intention (BDI) model to evaluate the security of the IoT.
Methodology: Information gathering process, which involved social engineering methods, analysis, and exploitation using social engineering attack vectors and other attack vectors with the BDI.
Results: The BDI agent successfully breached the SSH password and gained user privileges. However, it was unable to execute a local buffer overflow attack to obtain root privileges due to insufficient randomization.

PENETRATION TESTING: A REVIEW (2014)
Kumar Shravan, Bansal Neha, and Bhadana Pawan
Limitations: The researchers could not find any means of identifying false positives in penetration testing using methods like social engineering and others.
Objectives: Investigate penetration testing tools and techniques, and teach a network and system administrator how they can utilize penetration testing to understand, analyze and address
Methodology: Research on the processes required to conduct a successful penetration test and the various techniques used, including social engineering, phases and methods.
Results: Taught the network and system administrators on the ethics of hacking and procedures to follow.
05_LITERATURE REVIEW
B. RELATED WORKS CONTD.

PENETRATION TESTING: A ROADMAP TO NETWORK SECURITY (2009)
Nitin A. Naik, Gajanan D. Kurundkar, Santosh D. Khamitkar, Namdeo V. Kalyankar
Limitations: Could not devise a solution for penetration testers to constantly conduct tests on the network to prevent newer forms of attacks and security loopholes. Also did not explain in detail the use of social engineering in the process.
Objectives: The objective of this paper is to explain the methodology and methods behind penetration testing (including social engineering) and illustrate remedies for it, which will provide substantial value for network security because it will model real-world attacks as closely as possible.
Methodology: Researched the preliminary steps needed to conduct a successful penetration test on a network, how to exploit vulnerabilities, and how all the phases in the preparation stage work together.
Results: Highlighted that only professionals in penetration testing should conduct penetration tests; they should also be constantly monitoring the system for all kinds of attacks, including social engineering attacks.
05_LITERATURE REVIEW
B. RELATED WORKS CONTD.

PANNING FOR GOLD: AUTOMATICALLY ANALYSING ONLINE SOCIAL ENGINEERING ATTACK SURFACES (2017)
Edwards, M., Larson, R., Green, B., Rashid, A., & Baron, A.
Limitations: Open Source Intelligence (OSINT) requires more attention and development than is typically given in research on social engineering.
Objectives: To showcase the passive and automated collection of key information for social engineering attacks on organizations. It addresses the problems of identifying employees using public information and linking their profiles across multiple social networks for more effective attacks.
Methodology: Study on the effectiveness of Open Source Intelligence (OSINT) in boosting the effectiveness of deceptive ploys delivered in a social engineering attack.
Results: Presented a tool that penetration testers can utilize to assess an organization's vulnerability in a passive manner. This tool can be employed to evaluate the actual effectiveness of organizational mitigation strategies, including training events and updated policies.
05_LITERATURE REVIEW
B. RELATED WORKS CONTD.

PREVENTION OF SOCIAL ENGINEERING IN ELECTRONIC MEDIA (2022)
Vika Fransisca, Komarudin
Limitations: The paper did not research extensively the different ways and methods of preventing social engineering attacks.
Objectives: To analyze the methods that can be used to prevent social engineering attacks, and to provide methods for correcting security loopholes after a person has suffered an attack.
Methodology: Research by scoping existing literature on prevention of and solutions to social engineering.
Results: Suggested steps that can be taken after social engineering has occurred and steps to prevent the attack from happening.

SYSTEM PENETRATION: CONCEPTS, ATTACK METHODS, AND DEFENSE STRATEGIES (2023)
Mohammad Tabrez Quasim, Ahmed Nasser Al Hawi
Limitations: The paper did not explain in detail how to use the specified tools, edge cases, and interpretation of the penetration testing results.
Objectives: Investigates different penetration testing tools in Kali Linux, how to use and deploy them for different kinds of attacks, and defense strategies using a private network.
Methodology: Carried out different penetration testing and social engineering attacks using the tools provided by the Kali Linux suite.
Results: Suggested penetration testing attack tools and stages needed to carry out the tests successfully.
06 RESEARCH METHODOLOGY
06_ RESEARCH METHODOLOGY
Methodology

Obtain permission
To ensure legal compliance, obtain the necessary permissions before conducting penetration testing. Submit a request to the faculty sub-dean and department adviser for approval, and proceed only upon authorization. This mitigates the risk of unauthorized access.

Information gathering
Gather information about potential victims for successful penetration testing. Methods include passive reconnaissance (using social media), active reconnaissance (engaging in conversations), and open source intelligence (OSINT). Active reconnaissance will be used.

Attack vector scoping
Select attack methods based on the information gathered. Staff will be targeted using tailgating, phishing, and pretexting. Students will be targeted using phishing, pretexting, and quid pro quo. Additional attack vectors may be used to assess staff and student awareness levels.
06_ RESEARCH METHODOLOGY
Methodology Contd.

Proposed tools
The tools that will be used in this penetration testing campaign include Kali Linux, the Social Engineering Toolkit, Wifiphisher, and Wget. These tools will enhance the effectiveness of the testing process.

Data recording
During the attack phase, a JSON document will be used to record important details, including the attack date, attack vector, success rate, victim, psychology of influence used, and additional notes. Victim names will be anonymized to protect privacy, using labels such as Victim 1, Victim 2, etc., for individual-specific attacks.

Data interpretation & report generation
The collected data from the social engineering penetration testing campaign will be parsed and visualized in a pie chart using Chart.js. Additionally, JavaScript will be used to generate an HTML page displaying the statistics of the penetration testing exercise.
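An added example of the data-recording and report-generation steps described above; it is illustration written for this page, not code from the seminar or from the Chart.js project. It takes constructed sample outcomes in the JSON shape the methodology lists (date, attack vector, outcome, victim, principle of influence, notes), anonymizes the victims as Victim 1, Victim 2, ..., aggregates attempts and successes per attack vector and per Cialdini principle, and emits a static HTML page that draws a Chart.js pie chart. The field names, the sample records and the CDN URL are assumptions; the chart itself is rendered by Chart.js in the browser that opens the page.

```javascript
// Added example (not from the seminar): record social-engineering test
// outcomes as JSON, anonymize victims, aggregate, and build an HTML report.
// Field names, sample values and the Chart.js CDN URL are assumptions.

// Constructed sample records in the shape the methodology describes.
const rawRecords = [
  { date: "2023-06-01", vector: "phishing",     success: true,  victim: "Staff A",   influence: "authority",     notes: "opened link" },
  { date: "2023-06-01", vector: "phishing",     success: false, victim: "Student B", influence: "scarcity",      notes: "reported to ICT <support>" },
  { date: "2023-06-02", vector: "pretexting",   success: true,  victim: "Student C", influence: "liking",        notes: "" },
  { date: "2023-06-03", vector: "tailgating",   success: false, victim: "Staff A",   influence: "reciprocation", notes: "asked for ID card" },
  { date: "2023-06-03", vector: "quid pro quo", success: true,  victim: "Student E", influence: "reciprocation", notes: "" },
];

// Replace real names with "Victim N" labels. The same person always gets the
// same label within one campaign, so repeat targets stay linkable while the
// recorded data never contains a name.
function anonymize(records) {
  const labels = new Map();
  return records.map((r) => {
    if (!labels.has(r.victim)) labels.set(r.victim, `Victim ${labels.size + 1}`);
    return { ...r, victim: labels.get(r.victim) };
  });
}

// Aggregate attempts and successes per attack vector and per principle of
// influence, plus the overall success rate of the campaign.
function summarize(records) {
  const byVector = {};
  const byInfluence = {};
  let successes = 0;
  for (const r of records) {
    if (!byVector[r.vector]) byVector[r.vector] = { attempts: 0, successes: 0 };
    byVector[r.vector].attempts += 1;
    if (r.success) {
      byVector[r.vector].successes += 1;
      successes += 1;
    }
    byInfluence[r.influence] = (byInfluence[r.influence] || 0) + 1;
  }
  const overallRate = records.length ? successes / records.length : 0;
  return { byVector, byInfluence, overallRate, total: records.length };
}

// Chart.js configuration for a pie chart of successful attempts per vector.
function chartConfig(summary) {
  const labels = Object.keys(summary.byVector);
  return {
    type: "pie",
    data: {
      labels,
      datasets: [{ label: "Successful attempts", data: labels.map((l) => summary.byVector[l].successes) }],
    },
  };
}

// Escape text before placing it in HTML: the notes field is free text typed
// during the campaign, so it must never be inserted into the page raw.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Build the static HTML report. Chart.js is loaded from a CDN and draws the
// chart client-side; the config is embedded as JSON with "<" escaped so a
// value can never terminate the <script> element early.
function renderReport(records) {
  const summary = summarize(records);
  const rows = Object.entries(summary.byVector)
    .map(([v, s]) => `<tr><td>${escapeHtml(v)}</td><td>${s.attempts}</td><td>${s.successes}</td><td>${Math.round(100 * s.successes / s.attempts)}%</td></tr>`)
    .join("\n");
  const log = records
    .map((r) => `<li>${escapeHtml(r.date)} ${escapeHtml(r.vector)} on ${escapeHtml(r.victim)} (${escapeHtml(r.influence)}): ${r.success ? "success" : "failed"} ${escapeHtml(r.notes)}</li>`)
    .join("\n");
  const config = JSON.stringify(chartConfig(summary)).replace(/</g, "\\u003c");
  return `<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>Social engineering test report</title>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script></head>
<body>
<h1>Campaign summary: ${summary.total} attempts, ${Math.round(100 * summary.overallRate)}% successful</h1>
<table><tr><th>Vector</th><th>Attempts</th><th>Successes</th><th>Rate</th></tr>
${rows}
</table>
<canvas id="chart" width="400" height="400"></canvas>
<ul>
${log}
</ul>
<script>new Chart(document.getElementById("chart"), ${config});</script>
</body></html>`;
}

// Stand-alone run: anonymize first, so the report never holds a real name.
const report = renderReport(anonymize(rawRecords));
console.log(JSON.stringify(summarize(anonymize(rawRecords)), null, 2));
console.log(`report length: ${report.length} bytes`);
```

Run it with `node` and write the returned string to a file to open in a browser. Anonymization is done before any summary or page is produced, so the only victim identifiers that reach disk are the Victim N labels; the HTML escaping and the `\u003c` substitution in the embedded JSON matter because the report is a web page assembled from text typed during the campaign.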
07_ SIGNIFICANCE OF STUDY

The significance of this study lies in the fact that it aims to improve the security of the university's online system. By conducting penetration testing using social engineering techniques, potential vulnerabilities can be identified and remedied. This study will also create awareness among staff and students about the dangers of social engineering attacks and how to protect against them. The study's findings and recommendations will be helpful for other universities and organizations that want to secure their online systems against cyberattacks.
THANK YOU
NAME: SUCCESS ZION
MATRIC NO: 18/52HA139
SUPERVISOR: DR. MRS. MABAYOJE

More Related Content

Similar to MITIGATING SOCIAL ENGINEERING ATTACKS.pptx

A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsA Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
CSCJournals
 
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYING
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYINGA MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYING
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYING
ijaia
 
A Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of CyberbullyingA Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of Cyberbullying
gerogepatton
 
A Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of CyberbullyingA Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of Cyberbullying
gerogepatton
 
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
ijtsrd
 
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
CSCJournals
 
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
CSCJournals
 
CHI abstract camera ready
CHI abstract camera readyCHI abstract camera ready
CHI abstract camera ready
Mark Sinclair
 
Required topic cyberlaw documentpresentation document .docx
Required topic  cyberlaw documentpresentation document .docxRequired topic  cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docx
heunice
 

Similar to MITIGATING SOCIAL ENGINEERING ATTACKS.pptx (20)

A Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdf
A Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdfA Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdf
A Systematic Literature Review on Phishing and Anti-Phishing Techniques.pdf
 
All About Phishing Exploring User Research Through A Systematic Literature R...
All About Phishing  Exploring User Research Through A Systematic Literature R...All About Phishing  Exploring User Research Through A Systematic Literature R...
All About Phishing Exploring User Research Through A Systematic Literature R...
 
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning AlgorithmsA Behavior Based Intrusion Detection System Using Machine Learning Algorithms
A Behavior Based Intrusion Detection System Using Machine Learning Algorithms
 
204
204204
204
 
Social media platform and Our right to privacy
Social media platform and Our right to privacySocial media platform and Our right to privacy
Social media platform and Our right to privacy
 
Vulnerability Assessment LITERATURE REVIEW. doc
Vulnerability Assessment LITERATURE REVIEW. docVulnerability Assessment LITERATURE REVIEW. doc
Vulnerability Assessment LITERATURE REVIEW. doc
 
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYING
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYINGA MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYING
A MACHINE LEARNING ENSEMBLE MODEL FOR THE DETECTION OF CYBERBULLYING
 
A Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of CyberbullyingA Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of Cyberbullying
 
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
An Empirical Study on the Security Measurements of Websites of Jordanian Publ...
 
A Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of CyberbullyingA Machine Learning Ensemble Model for the Detection of Cyberbullying
A Machine Learning Ensemble Model for the Detection of Cyberbullying
 
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
Enhancing Cybersecurity for Mobile Applications A Comprehensive Analysis, Thr...
 
BINARY TEXT CLASSIFICATION OF CYBER HARASSMENT USING DEEP LEARNING
BINARY TEXT CLASSIFICATION OF CYBER HARASSMENT USING DEEP LEARNINGBINARY TEXT CLASSIFICATION OF CYBER HARASSMENT USING DEEP LEARNING
BINARY TEXT CLASSIFICATION OF CYBER HARASSMENT USING DEEP LEARNING
 
Terrorism Analysis through Social Media using Data Mining
Terrorism Analysis through Social Media using Data MiningTerrorism Analysis through Social Media using Data Mining
Terrorism Analysis through Social Media using Data Mining
 
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
 
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
An Indistinguishability Model for Evaluating Diverse Classes of Phishing Atta...
 
CHI abstract camera ready
CHI abstract camera readyCHI abstract camera ready
CHI abstract camera ready
 
Required topic cyberlaw documentpresentation document .docx
Required topic  cyberlaw documentpresentation document .docxRequired topic  cyberlaw documentpresentation document .docx
Required topic cyberlaw documentpresentation document .docx
 
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATIONBEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
BEHAVIOURAL ANALYTICS IN CYBER SECURITY FOR DIGITAL FORENSICS APPLICATION
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
 
Behavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics ApplicationBehavioural Analytics in Cyber Security for Digital Forensics Application
Behavioural Analytics in Cyber Security for Digital Forensics Application
 

Recently uploaded

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Recently uploaded (20)

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

MITIGATING SOCIAL ENGINEERING ATTACKS.pptx

  • 1. 1 A SEMINAR REPORT UNIVERSITY OF ILORIN, ILORIN, KWARA STATE. NAME: SUCCESS ZION ONORUOIZA MATRIC NO.: 18/52HA139 SUPERVISOR: DR. MRS. MABAYOJE MITIGATING SOCIAL ENGINEERING ATTACKS: PENETRATION TESTING METHODS IN COMPUTER SCIENCE DEPARTMENT AT THE UNIVERSITY OF ILORIN.
  • 2. 2 01 INTRODUCTION 02 STATEMENT OF PROBLEM 03 AIM OF THE STUDY 04 OBJECTIVES 05 LITERATURE REVIEW 06 RESEARCH METHODOLOGY 07 SIGNIFICANCE OF STUDY 08 REFERENCES PRESENTATION OUTLINE
  • 3. 3 INTRODUCTION 01 The advancements in modern information technologies have revolutionized various aspects of our lives, including business, communication, and access to services. While these advancements bring convenience and connectivity, they also expose us to risks, particularly cyberattacks. Cyberattacks pose a significant threat to sensitive information and personal data, with social engineering attacks being a prevalent method. Cyberattacks, especially social engineering attacks are not limited to individuals and can target organizations, schools, and governments. Effective security measures, such as penetration testing, are crucial to protect against these threats. “The education sector experiences the highest number of malware attacks, primarily attributed to a significant prevalence of social engineering attacks, as stated in the recent report by Microsoft's Threat Intelligence Platform.”
  • 4. 4 STATEMENT OF PROBLEM The tertiary education sector is highly vulnerable to cyberattacks, particularly social engineering attacks due to lack of attention to security which increases the risk of malware attacks and compromises sensitive information. Unauthorized access to student and staff data can lead to severe consequences and result manipulation. The University of Ilorin (UNILORIN) utilizes a web-based management system that requires penetration testing regularly, specifically targeting social engineering techniques, to identify and address security loopholes. 02 “Amateurs hack systems, professionals hack people.” - Bruce Schneier
  • 5. 5 THE AIMS AND OBJECTIVES OF THE STUDY This project aims to investigate the role of social engineering in penetration testing, and suggesting methods to mitigate social engineering attacks using the University of Ilorin’s computer science department as a case study. 03 - 04 To review some existing literature on social engineering in penetration testing, including the types of social engineering techniques that are commonly used, the effectiveness of such techniques, and how to avoid or mitigate such attacks. To conduct a penetration test on the UNILORIN students and staff portal using phishing, tailgating, pretexting, and Quid Pro Quo social engineering techniques. To analyze the results of the penetration test and assess the effectiveness of social engineering in breaching the security of the UNILORIN portal. To provide recommendations for improving the security of the UNILORIN portal against social engineering attacks.
  • 6. 6 LITERATURE REVIEW 05 A. REVIEW OF RELATED CONCEPTS A. REVIEW OF RELATED WORKS
  • 7. 7 05_ LITERATURE REVIEW As proposed by Khonji, Iraqi, & Jones (2013), phishing attacks are semantic attacks that leverage electronic communication channels, including E-Mails, HTTP, SMS, VoIP, etc. The objective of these attacks is to deliver socially engineered messages persuading victims to undertake specific actions without imposing limitations on the nature of these actions, ultimately benefiting the attacker. Phishing A. Related Concepts
  • 8. Related concepts: Pretexting
    Impersonation is considered a highly effective strategy in social engineering because it is easy to execute and conceals the true identity of the perpetrator (Redmon, 2005). Pretexting, a widely employed impersonation technique, involves obtaining information through deceptive means. It goes beyond mere falsehood: it requires extensive research on the targeted individual before the attack is executed (Ivaturi & Janczewski, 2011).
  • 9. Related concepts: Baiting
    Baiting shares similarities with phishing but relies on enticement to lure victims. In baiting, attackers promise rewards or goods in exchange for the victim surrendering their login credentials to a specific website. Baiting schemes extend beyond digital and online methods and can also be executed using physical media (Conteh & Schmick, 2016).
  • 10. Related concepts: Psychological manipulation
    Social engineers apply the principles of psychological manipulation and persuasion to deceive people into performing actions, or giving out confidential information, that they normally would not. Robert Cialdini, a psychologist, identified six principles of persuasion that act on the human mind, based on observation and research: reciprocation, commitment and consistency, social proof, liking, authority, and scarcity.
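    The concepts reviewed in slides 7 to 10 (phishing, impersonation, baiting and Cialdini's principles) are what a defender looks for when triaging a reported message. The following is an added example, not code from the seminar report: a small rule-based phishing check in JavaScript that scores a message on three indicators, a display name that claims the institution while the sender address uses another domain, a link whose visible text names one host while its href points elsewhere, and body text that leans on the authority, scarcity or reciprocation principles. The trusted domain (university.example), the keyword lists and both sample messages are constructed for illustration and are assumptions, not data from the study.

```javascript
// Added example, not code from the seminar report: a rule-based phishing
// triage check of the kind a help desk or mail gateway could run on a
// reported message. It scores three indicators that map to the concepts
// reviewed above: a display name that claims the institution while the
// sender address uses another domain (impersonation / pretexting), a link
// whose visible text names one host but whose href points elsewhere (the
// lookalike login page of a credential-harvesting scheme), and wording that
// leans on Cialdini's authority, scarcity or reciprocation principles.
// The trusted domain, keyword lists and both messages are constructed for
// illustration (assumptions, not data from the study).

const TRUSTED_DOMAINS = ["university.example"]; // assumed institutional mail domain
const INSTITUTION_KEYWORDS = ["university", "ict directorate", "registrar"];

// Phrases that signal a persuasion principle; naive substring matching.
const PRESSURE_CUES = {
  authority: ["ict directorate", "the registrar", "the vice chancellor", "it department"],
  scarcity: ["immediately", "within 24 hours", "expires today", "will be suspended"],
  reciprocation: ["free", "reward", "bonus", "gift"],
};

// Pull the host out of a mail address or URL (deliberately simple).
function hostOf(s) {
  const m = s.match(/@([\w.-]+)|https?:\/\/([\w.-]+)/i);
  return ((m && (m[1] || m[2])) || "").toLowerCase();
}

// True when host is a trusted domain or a subdomain of one.
function isTrustedHost(host) {
  return TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Returns { score, reasons, verdict } for one message object of the shape
// { from: { name, address }, body, links: [{ text, href }] }.
function scoreMessage(msg) {
  const reasons = [];

  // 1. Display name claims the institution, but the address domain does not match.
  const senderHost = hostOf(msg.from.address);
  const name = msg.from.name.toLowerCase();
  if (INSTITUTION_KEYWORDS.some((k) => name.includes(k)) && !isTrustedHost(senderHost)) {
    reasons.push(`display name claims the institution but sender domain is ${senderHost}`);
  }

  // 2. Visible link text and real destination disagree, or a credential page
  //    is hosted off-institution.
  for (const link of msg.links) {
    const textHost = hostOf(link.text);
    const hrefHost = hostOf(link.href);
    if (textHost && hrefHost && textHost !== hrefHost) {
      reasons.push(`link text shows ${textHost} but points to ${hrefHost}`);
    } else if (hrefHost && !isTrustedHost(hrefHost) && /login|password|verify/i.test(link.href)) {
      reasons.push(`credential page hosted off-institution at ${hrefHost}`);
    }
  }

  // 3. Persuasion cues in the body, one reason per principle.
  const body = msg.body.toLowerCase();
  for (const [principle, phrases] of Object.entries(PRESSURE_CUES)) {
    if (phrases.some((p) => body.includes(p))) reasons.push(`${principle} cue present`);
  }

  const verdict = reasons.length >= 2 ? "suspicious" : "low-risk";
  return { score: reasons.length, reasons, verdict };
}

// Constructed sample messages.
const SAMPLE_PHISH = {
  from: { name: "University ICT Directorate", address: "support@university-portal.example" },
  body: "The ICT Directorate requires all users to verify their portal password immediately; accounts not verified within 24 hours will be suspended.",
  links: [{ text: "https://portal.university.example/login", href: "https://university-portal.example/login" }],
};

const SAMPLE_LEGIT = {
  from: { name: "Departmental Adviser", address: "adviser@university.example" },
  body: "Reminder: the seminar presentation schedule for next week is attached.",
  links: [{ text: "Schedule", href: "https://portal.university.example/seminars" }],
};
```

    Calling scoreMessage(SAMPLE_PHISH) returns four reasons (sender mismatch, link mismatch, and an authority and a scarcity cue) and the verdict "suspicious", while the adviser's reminder scores zero. The substring matching is intentionally crude; the point is that each indicator corresponds to one of the techniques reviewed above, so the reasons list doubles as awareness-training material when shown to the person who reported the message.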
  • 11. Literature review, B. Related works
    Each entry gives: title of paper/journal and year; authors; limitations; objectives; methodology; results.

    Penetration Testing Through Social Engineering (1996), John P. Ceraolo
    Limitations: The researcher did not carry out attacks on multiple organizations but on different departments of a single organization; hence the result is not comprehensive.
    Objectives: To conduct six case studies of different social engineering attack scenarios using vishing and to assess its effectiveness in the penetration testing of an organization.
    Methodology: Quantitative research method, carrying out attacks through vishing in six different cases in the organization.
    Results: The penetration tests were successful in each of the six cases, showing that the staff of the organization did not have any form of awareness.

    Social Engineering and Cyber Security (2017), Breda F., Barbosa H., Morais T.
    Limitations: Suggested that further research should be carried out on how social engineering attacks can be reduced to the bare minimum and on good practices to advise for individuals and organizations.
    Objectives: To examine recurrent social engineering techniques used by attackers, and to present a basic complementary technical methodology for conducting effective exploits.
    Methodology: Using the Social Engineering Toolkit provided in Kali Linux, a basic credential-harvesting attack using phishing was carried out.
    Results: The cloned website created by the Social Engineering Toolkit worked and returned the authentication credentials to the attacker.
  • 12. Related works (contd.)

    Penetration Testing for Internet of Things and Its Automation (2018), Ge Chu and Alexei Lisitsa
    Limitations: Could not carry out real-life attacks and tests. Simulated attacks were carried out, but their results are not as reliable as those of real-life attacks.
    Objectives: To analyze the security problems of IoT and propose a penetration testing approach, and its automation, based on the belief-desire-intention (BDI) model to evaluate the security of IoT systems.
    Methodology: An information gathering process that involved social engineering methods, followed by analysis and exploitation using social engineering attack vectors and other attack vectors with the BDI agent.
    Results: The BDI agent successfully breached the SSH password and gained user privileges. However, it was unable to execute a local buffer overflow attack to obtain root privileges due to insufficient randomization.

    Penetration Testing: A Review (2014), Kumar Shravan, Bansal Neha, and Bhadana Pawan
    Limitations: The researchers could not find any means of identifying false positives in penetration testing using methods like social engineering and others.
    Objectives: To investigate penetration testing tools and techniques, and to teach a network and system administrator how to utilize penetration testing to understand, analyze and address
    Methodology: Research on the processes required to conduct a successful penetration test and the various techniques used, including social engineering, phases and methods.
    Results: Taught network and system administrators the ethics of hacking and the procedures to follow.
  • 13. Related works (contd.)

    Penetration Testing: A Roadmap to Network Security (2009), Nitin A. Naik, Gajanan D. Kurundkar, Santosh D. Khamitkar, Namdeo V. Kalyankar
    Limitations: Could not devise a solution for penetration testers to constantly conduct tests on the network to prevent newer forms of attacks and security loopholes. Also did not explain in detail the use of social engineering in the process.
    Objectives: To explain the methodology and methods behind penetration testing (including social engineering) and illustrate remedies, which provides substantial value for network security because it models real-world attacks as closely as possible.
    Methodology: Researched the preliminary steps needed to conduct a successful penetration test on a network, how to exploit vulnerabilities, and how all the phases of the preparation stage work together.
    Results: Highlighted that only professionals in penetration testing should conduct penetration tests, and that they should constantly monitor the system for all kinds of attacks, including social engineering attacks.
  • 14. Related works (contd.)

    Panning for Gold: Automatically Analysing Online Social Engineering Attack Surfaces (2017), Edwards, M., Larson, R., Green, B., Rashid, A., & Baron, A.
    Limitations: Open Source Intelligence (OSINT) requires more attention and development than is typically given to it in research on social engineering.
    Objectives: To showcase the passive and automated collection of key information for social engineering attacks on organizations. It addresses the problems of identifying employees from public information and linking their profiles across multiple social networks for more effective attacks.
    Methodology: Study of the effectiveness of Open Source Intelligence (OSINT) in boosting the effectiveness of deceptive ploys delivered in a social engineering attack.
    Results: Presented a tool that penetration testers can use to assess an organization's vulnerability passively. The tool can be employed to evaluate the actual effectiveness of organizational mitigation strategies, including training events and updated policies.
  • 15. Related works (contd.)

    Prevention of Social Engineering in Electronic Media (2022), Vika Fransisca, Komarudin
    Limitations: The paper did not research extensively the different ways and methods of preventing social engineering attacks.
    Objectives: To analyze the methods that can be used to prevent social engineering attacks, and to provide methods for correcting security loopholes after a person has suffered an attack.
    Methodology: Research by scoping existing literature on prevention of, and solutions to, social engineering.
    Results: Suggested steps that can be taken after social engineering has occurred and steps to prevent the attack from happening.

    System Penetration: Concepts, Attack Methods, and Defense Strategies (2023), Mohammad Tabrez Quasim, Ahmed Nasser Al Hawi
    Limitations: The paper did not explain in detail how to use the specified tools, edge cases, or the interpretation of penetration testing results.
    Objectives: To investigate different penetration testing tools in Kali Linux, how to use and deploy them for different kinds of attacks, and defense strategies, using a private network.
    Methodology: Carried out different penetration tests and social engineering attacks using the tools provided by the Kali Linux suite.
    Results: Suggested penetration testing attack tools and the stages needed to carry out the tests successfully.
  • 17. 06 RESEARCH METHODOLOGY
    1. Take permission: To ensure legal compliance, obtain the necessary permissions before conducting penetration testing. Submit a request to the faculty sub-dean and the departmental adviser for approval, and proceed only upon authorization. This mitigates the risk of unauthorized access.
    2. Information gathering: Gather information about potential victims for successful penetration testing. Methods include passive reconnaissance (using social media), active reconnaissance (engaging in conversations), and open source intelligence (OSINT). Active reconnaissance will be used.
    3. Attack vector scoping: Select attack methods based on the information gathered. Staff will be targeted using tailgating, phishing, and pretexting; students will be targeted using phishing, pretexting, and quid pro quo. Additional attack vectors may be used to assess staff and student awareness levels.
  • 18. Research methodology (contd.)
    4. Proposed tools: The tools that will be used in this penetration testing campaign are Kali Linux, the Social Engineering Toolkit, Wifiphisher, and Wget. These tools will enhance the effectiveness of the testing process.
    5. Data recording: During the attack phase, a JSON document will be used to record important details including the attack date, attack vector, success rate, victim, psychology of influence used, and additional notes. Victim names will be anonymized to protect privacy, using labels such as Victim 1, Victim 2, etc., for individual-specific attacks.
    6. Data interpretation and report generation: The data collected from the social engineering penetration testing campaign will be parsed and visualized in a pie chart using Chart.js. Additionally, JavaScript will be used to generate an HTML page displaying the statistics of the penetration testing exercise.
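    The permission, scoping, data recording and data interpretation steps of the methodology above fit together naturally in one script. The following is an added example, not code from the seminar report: a Node.js script that checks each JSON attack record against the authorised engagement window and the attack vectors scoped for its target group before counting it, replaces victim names with the Victim 1, Victim 2 labels the methodology describes, aggregates attempts and success rate per vector, and writes the labels/data arrays into the HTML page with a Chart.js pie chart. The engagement window, approver text, victim names and records are constructed for illustration and are assumptions, not data from the study.

```javascript
// Added example, not code from the seminar report: the "take permission",
// "attack vector scoping", "data recording" and "data interpretation" steps
// above as one small Node.js script. Every attack record is checked against
// the authorised engagement window and the vectors scoped for its target
// group before it is counted, victim names are replaced by anonymous labels
// (Victim 1, Victim 2, ...), and success is aggregated per vector into the
// labels/data arrays a Chart.js pie chart consumes. The engagement window,
// approver text, names and records are constructed for illustration and are
// assumptions, not data from the study.

// Assumed written authorisation and the scope the methodology describes.
const ENGAGEMENT = {
  approvedBy: "faculty sub-dean and departmental adviser", // placeholder
  start: "2023-06-01", // constructed window; ISO dates compare correctly as strings
  end: "2023-06-30",
  allowedVectors: {
    staff: ["tailgating", "phishing", "pretexting"],
    student: ["phishing", "pretexting", "quid pro quo"],
  },
};

// Cialdini's six principles, the only values accepted for rec.principle.
const INFLUENCE_PRINCIPLES = ["reciprocation", "commitment and consistency", "social proof", "liking", "authority", "scarcity"];

// Return the list of problems with one record; an empty list means accepted.
function validateRecord(rec, engagement = ENGAGEMENT) {
  const problems = [];
  if (!(rec.date >= engagement.start && rec.date <= engagement.end)) {
    problems.push(`date ${rec.date} is outside the authorised window`);
  }
  const allowed = engagement.allowedVectors[rec.targetGroup];
  if (!allowed) problems.push(`unknown target group ${rec.targetGroup}`);
  else if (!allowed.includes(rec.vector)) problems.push(`vector ${rec.vector} not scoped for ${rec.targetGroup}`);
  if (!INFLUENCE_PRINCIPLES.includes(rec.principle)) problems.push(`unrecognised principle ${rec.principle}`);
  if (typeof rec.success !== "boolean") problems.push("success must be a boolean");
  return problems;
}

// Replace victim names with labels in order of first appearance; the real
// name does not survive into the output.
function anonymise(records) {
  const labels = new Map();
  return records.map((rec) => {
    if (!labels.has(rec.victim)) labels.set(rec.victim, `Victim ${labels.size + 1}`);
    const { victim, ...rest } = rec;
    return { ...rest, victim: labels.get(victim) };
  });
}

// Attempts and success rate (whole percent) per attack vector, sorted by name.
function summarise(records) {
  const byVector = {};
  for (const rec of records) {
    const v = byVector[rec.vector] || (byVector[rec.vector] = { attempts: 0, successes: 0 });
    v.attempts += 1;
    if (rec.success) v.successes += 1;
  }
  const labels = Object.keys(byVector).sort();
  return {
    labels,
    attempts: labels.map((l) => byVector[l].attempts),
    successRate: labels.map((l) => Math.round((100 * byVector[l].successes) / byVector[l].attempts)),
  };
}

// Escape text placed into HTML so a label can never inject markup.
const esc = (s) => String(s).replace(/[&<>"]/g, (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" }[c]));

// The HTML statistics page: a Chart.js pie chart of attempts per vector
// (Chart.js fetched from the jsDelivr CDN in the browser) plus a table.
function renderReport(summary) {
  const cfg = { type: "pie", data: { labels: summary.labels, datasets: [{ data: summary.attempts }] } };
  const rows = summary.labels
    .map((l, i) => `<tr><td>${esc(l)}</td><td>${summary.attempts[i]}</td><td>${summary.successRate[i]}%</td></tr>`)
    .join("");
  return `<!doctype html><html><body>
<canvas id="attacks"></canvas>
<table><tr><th>Vector</th><th>Attempts</th><th>Success rate</th></tr>${rows}</table>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script>new Chart(document.getElementById("attacks"), ${JSON.stringify(cfg)});</script>
</body></html>`;
}

// Constructed records; the last one is out of window and uses an unscoped vector.
const RAW_RECORDS = [
  { date: "2023-06-05", targetGroup: "staff", vector: "phishing", victim: "Real Name A", principle: "authority", success: true, notes: "" },
  { date: "2023-06-07", targetGroup: "student", vector: "quid pro quo", victim: "Real Name B", principle: "reciprocation", success: false, notes: "" },
  { date: "2023-06-09", targetGroup: "student", vector: "phishing", victim: "Real Name A", principle: "scarcity", success: true, notes: "" },
  { date: "2023-07-02", targetGroup: "staff", vector: "baiting", victim: "Real Name C", principle: "liking", success: true, notes: "" },
];

// Validate, anonymise, summarise and render in one call.
// Example: console.log(processCampaign(RAW_RECORDS).html) writes the report page.
function processCampaign(records) {
  const accepted = anonymise(records.filter((r) => validateRecord(r).length === 0));
  const summary = summarise(accepted);
  return { accepted, summary, html: renderReport(summary) };
}
```

    On the constructed records, processCampaign accepts three of the four entries (the fourth is both outside the window and uses a vector not scoped for staff), relabels the two distinct victims as Victim 1 and Victim 2, and reports phishing at 2 attempts with a 100% success rate and quid pro quo at 1 attempt with 0%. Validating before counting is the check worth keeping: a record that falls outside the written authorisation is exactly the one that must never enter the report.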
  • 19. 07 SIGNIFICANCE OF STUDY
    The significance of this study lies in its aim to improve the security of the university's online system. By conducting penetration testing using social engineering techniques, potential vulnerabilities can be identified and remedied. The study will also create awareness among staff and students of the dangers of social engineering attacks and how to protect against them. Its findings and recommendations will be useful to other universities and organizations that want to secure their online systems against cyberattacks.
  • 20. THANK YOU
    NAME: SUCCESS ZION
    MATRIC NO: 18/52HA139
    SUPERVISOR: DR. MRS. MABAYOJE