Social engineering
•Download as PPTX, PDF•
1 like•166 views
The document discusses social engineering and various social engineering attacks such as phishing. It describes how social engineering tricks users into giving sensitive information or making security mistakes. Phishing is specifically discussed as the fraudulent attempt to get information like usernames and passwords by disguising as a trustworthy entity. The document also provides examples of phishing techniques like homograph attacks and capturing two-factor authentication tokens to bypass two-factor authentication. Countermeasures like security awareness training and updating systems are recommended to prevent social engineering attacks.
More Related Content
What's hot
What's hot (20)
Similar to Social engineering
Similar to Social engineering (20)
Recently uploaded
Recently uploaded (20)
Social engineering
- 1. SOCIAL ENGINEERING VELAYUTHAM SELVARAJ MSC IN DIGITAL FORENSICS AND CYBER CRIME ANALYSIS
- 2. ECHO BRAG • CEO TWINTECH SOLUTIONS • HACKERS DAY LEAD CHAPTER CHENNAI • ECOMMERCE EXPERT • FORENSIC INVESTIGATOR LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 3. SOCIAL ENGINEERING • SOCIAL ENGINEERING IS THE TERM USED FOR A BROAD RANGE OF MALICIOUS ACTIVITIES ACCOMPLISHED THROUGH HUMAN INTERACTIONS. IT USES PSYCHOLOGICAL MANIPULATION TO TRICK USERS INTO MAKING SECURITY MISTAKES OR GIVING AWAY SENSITIVE INFORMATION. • TYPICALLY USES A DELIVERY TOOL, LIKE EMAIL, A WEB PAGE, OR A USB KEY, TO INDUCE A TARGET TO SHARE SENSITIVE INFORMATION OR PERFORM AN ACTION THAT ENABLES AN ATTACKER TO COMPROMISE THE SYSTEM. LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 4. TYPES OF SE ATTACKS Phishing Watering hole IVR Phishing Vhishing Scareware Quid Pro Quo Pretexting Piggybacking Spear phishing Diversion Theft Whaling Honeytrap LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 5. PHISHING • PHISHING IS THE FRAUDULENT ATTEMPT TO OBTAIN SENSITIVE INFORMATION SUCH AS USERNAMES, PASSWORDS, AND CREDIT CARD DETAILS (AND MONEY), OFTEN FOR MALICIOUS REASONS, BY DISGUISING AS A TRUSTWORTHY ENTITY IN AN ELECTRONIC COMMUNICATION. LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 6. A QUICK 2 MINUTE DEMO WITH SOCIALFISH PREREQUISITES ( PLEASE VERIFY IF YOU HAVE INSTALLED ) • PYTHON 3 • WGET FROM PYTHON • PHP • SUDO HTTPS://GITHUB.COM/AN0NUD4Y/SOCIALFISH LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 7. PUNY CODE PHISHING • BY DEFAULT, MANY WEB BROWSERS USE THE XN-- PREFIX KNOWN AS AN ASCII COMPATIBLE ENCODING PREFIX TO INDICATE TO THE WEB BROWSER THAT THE DOMAIN USES PUNYCODE TO REPRESENT UNICODE CHARACTERS WHICH IS A REASONABLE MEASURE TO DEFEND AGAINST HOMOGRAPH PHISHING ATTACKS. LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 8. TYPE THIS IN YOUR BROWSER XN--PYTM-GR5A.COM LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 9. PHISHING 2 FA TOKENS • EVILGINX BECOMES A RELAY BETWEEN THE REAL WEBSITE AND THE PHISHED USER. PHISHED USER INTERACTS WITH THE REAL WEBSITE, WHILE EVILGINX CAPTURES ALL THE DATA BEING TRANSMITTED BETWEEN THE TWO PARTIES. • EVILGINX, BEING THE MAN-IN-THE-MIDDLE, CAPTURES NOT ONLY USERNAMES AND PASSWORDS, BUT ALSO CAPTURES AUTHENTICATION TOKENS SENT AS COOKIES. CAPTURED AUTHENTICATION TOKENS ALLOW THE ATTACKER TO BYPASS ANY FORM OF 2FA ENABLED ON USER'S ACCOUNT • EVEN IF PHISHED USER HAS 2FA ENABLED, THE ATTACKER, OUTFITTED WITH JUST A DOMAIN AND A VPS SERVER, IS ABLE TO REMOTELY TAKE OVER HIS/HER ACCOUNT. IT DOESN'T MATTER IF 2FA IS USING SMS CODES, MOBILE AUTHENTICATOR APP OR RECOVERY KEYS.LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 10. QUICK DEMO PREREQUISTES • DEBIAN 8 VPS. • DOMAIN NAME • INSTALLED GO OF VERSION AT LEAST 1.10.0 • HTTPS://GITHUB.COM/KGRETZKY/EVILGINX2 LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 11. COUNTERMEASURES • TRAIN YOUR EMPLOYEES ON SECURITY AWARENESS • FILTER EMAILS FOR PHISHING THREATS • UPDATE CLIENT-SIDE OPERATING SYSTEMS, SOFTWARE, AND PLUG-INS • HARDEN YOUR CLIENTS • BLOCK INTERNET-BOUND SMB AND KERBEROS TRAFFIC • DETECT MALWARE ON ENDPOINTS • DETECT COMPROMISED CREDENTIALS AND LATERAL MOVEMENT • IMPLEMENT U2F-FACTOR AUTHENTICATION • HAVE AN INCIDENT RESPONSE PLAN LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266
- 12. REFERENCE • HTTPS://WWW.INCAPSULA.COM/WEB-APPLICATION-SECURITY/SOCIAL- ENGINEERING-ATTACK.HTML • HTTPS://WWW.KNOWBE4.COM/WHAT-IS-SOCIAL-ENGINEERING/ LEARN ETHICHAL HACKING COURSE CONTACTUS 9677034266