Skip to content

09.md

Latest commit

 

History

History
95 lines (93 loc) · 3.43 KB

09.md

File metadata and controls

95 lines (93 loc) · 3.43 KB

Module 9 - Social engineering

concepts

  • Behaviors Vulnerable to Attacks
    • authority
    • intimidation
    • consensus of social proof
    • scarcity
    • urgency
    • familiarity or liking
    • trust
    • greed
  • lack of security policies is one of the factors that makes s.e. attack efficient
  • phases
    • research target
    • select a target
    • develop a relationship
    • exploit the relationship
  • types of social engineering
    • human based
      • Impersonation (e.g. impersonation on facebook)
      • Vishing (voice of VoIP phishing)
      • Eavesdropping
      • Shoulder Surfing
      • Dumpster Diving
      • Reverse Social Engineering
      • Piggybacking
      • Tailgating
      • Diversion Theft - involve intercepting deliveries by persuading couriers to go to the wrong location
      • Honey Trap - an attacker pretends to be an attractive person and fakes an online relationship, in order to get sensitive information from their victim.
      • Baiting
      • Quid Pro Quo - low-level attackers call random numbers claiming to be from technical support, and will offer some sort of assistance. Once in a while, they find people with legitimate technical problems and will then "help" them to solve those problems. They guide them through the necessary steps, which then gives the attackers access to the victims' computers or the ability to launch malware.
      • Elicitation - is the strategic use of casual conversation to extract information from people (targets) without giving them the feeling that they are being interrogated or pressed for the information
    • computer based
      • hoax letters
      • chain letters
      • phishing
        • spear phishing
        • whaling
        • phatming
        • spimming
      • pop-up window attack
      • spam mail
      • scareware
      • instant chat messenger
    • mobile based
      • publishing malicious apps
      • using fake security applications
      • repacking legitimate apps
      • SMiShing (SMS phishing)
  • insider threats (may be useful pentest+ table classification)
    • malicious insider
    • negligent insider
    • professional insider
    • compromised insider
  • Behavioral Indications of an Insider Threat
    • Data exfiltration alerts
    • Missing or modified network logs
    • Changes in network usage patterns
    • Multiple failed login attempts
    • Behavioral and temperament changes
    • Unusual time and location of access
    • Missing or modified critical data
    • Unauthorized downloading or copying of sensitive data
    • Logging of different user accounts from different systems
    • Temporal changes in revenue or expenditure
    • Unauthorized access to physical assets
    • Increase or decrease in productivity of employee
    • Inconsistent working hours
    • Unusual business activities
  • identity theft
    • child
    • criminal
    • financial
    • driver's license
    • insurance
    • medical
    • tax
    • Identity Cloning and Concealment
    • synthetic
    • social
  • detecting insider threats
    • insider risk control
    • deterrence control
    • detection control
  • doxing - is the act of publicly revealing previously private personal information about an individual or organization, usually via the internet

tools

  • shellphish
  • netcraft
  • phish tank
  • SET (Social-engineering Toolkit)
  • OhPhish

Back to index | Go to next module