Social Engineering2.0
Dr. Shawn P. Murray, CISSP, CRISC, FITSP-A
NSI IMPACT 2012
Agenda
• Social Engineering Defined
• Who Are Social Engineers?
• Famous Social Engineers
• Computing Age
  – Phishing
  – Spear Phishing
  – Whaling
  – Hacking & Exploits
• Countermeasures
  – Training, Training, Training!
• Resources for security professionals
  – Publications
  – Websites
  – Technical (Tools)
What is Social Engineering?
According to the www.Social-Engineer.org site:
• "Social Engineering is defined as the process of deceiving people into giving away access or confidential information."
• Wikipedia defines it as: "is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim."
• "Although it has been given a bad name by the plethora of "free pizza", "free coffee", and "how to pick up chicks" sites, aspects of social engineering actually touch on many parts of daily life."
• "Many consider social engineering to be the greatest risk to security."
Source: http://www.social-engineer.org/framework/Social_Engineering_Defined
Who are Social Engineers?
By Trade:
• Detectives
• Special Agents
• Lawyers
• Sales professionals
• Recruiters
• Doctors
• Psychologists
• Any profession that uses human subjects to elicit information or to modify behavior
By Relationships:
• Children
• Parents & Grandparents
• Spouses
• Friends
Bad Guys:
• Scam artists or Cons
• Cyber criminals
  – Hackers
  – State actors
• Foreign governments
• Disgruntled Employees
  – Insider Threat
• Identity Thieves
  – Social Programs
  – Medical ID Theft
  – Banking & Insurance
  – Impersonation
Prominent Social Engineers
• At age 12, Kevin Mitnick used social engineering to bypass the punchcard system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash.
• Social engineering became his primary method of obtaining information, including user names, passwords and modem phone numbers.
• Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software, which he stole.
• He was charged with and convicted of the crime in 1988.
• He hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for 2 ½ years.
• According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies.
Prominent Social Engineers
• Frank William Abagnale, Jr. is an American security consultant known for his history as a former confidence trickster, check forger, impostor, and escape artist. He became notorious in the 1960s for passing $2.5 million worth of meticulously forged checks across 26 countries over the course of five years, beginning when he was 16 years old.
• In the process, he became one of the most famous impostors ever, claiming to have assumed no fewer than eight separate identities as an airline pilot, a doctor, a U.S. Bureau of Prisons agent, and a lawyer. He escaped from police custody twice (once from a taxiing airliner and once from a U.S. federal penitentiary), before he was 21 years old.
• He served fewer than five years in prison before starting to work for the federal government. He is a consultant and lecturer at the academy and field offices for the FBI. He also runs Abagnale & Associates, a financial fraud consultancy company.
Source: http://en.wikipedia.org/wiki/Frank_William_Abagnale
Top Security Risks according to SANS
• Priority One: Client-side software that remains unpatched.
• Priority Two: Internet-facing web sites that are vulnerable.
• Operating systems continue to have fewer remotely-exploitable vulnerabilities that lead to massive Internet worms.
• Rising numbers of zero-day vulnerabilities.
Phishing
Planning. Phishers decide which business to target and determine how to get email addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
Attack. This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
Collection. Phishers record the information victims enter into Web pages or popup windows.
Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover [Source: Information Week].
If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.
Source: Tracy V. Wilson (www.howstuffworks.com)
Spear Phishing
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.
Visiting West Point teacher and National Security Agency expert Aaron Ferguson calls it the "colonel effect." To illustrate his point, Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message. In response, they received a notification that they'd been duped and a warning that their behavior could have resulted in downloads of spyware, Trojan horses and/or other malware.
Source: SearchSecurity.com (http://searchsecurity.techtarget.com)
Whaling
Whaling is a form of spear phishing that occurs when a scammer targets an organization and sends personalized emails to a specific executive officer or senior manager. Emails refer to fake but critical business matters, such as legal subpoenas or customer complaints.
Emails may appear to have been sent from a trustworthy source such as an employer or staff member within the organization. Email addresses may be similar (but not identical) to an address you are familiar with.
The scammer's aim is to convince you that the email requires urgent action by following a link to a fake website or opening a malware-infected attachment. When you visit the fake, but convincing, website, it will ask you to do one or more of the following:
• enter confidential company information and passwords
• provide financial details or enter them when making a payment for a fake software download.
If financial details are provided, the scammer will use them to commit fraud. Alternatively, if you open an email attachment, it will download malware onto your computer. Malware can record your key strokes, passwords and other company information, allowing the scammer to access it when you go online.
Source: http://www.scamwatch.gov.au/content/index.phtml/itemId/829460
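The spear phishing and whaling slides above share the same tell-tale signs: a sender who appears to be an internal authority figure, an address that is similar but not identical to a familiar one, and a subject built around urgency or a legal pretext. The following triage script, an added example that is not part of the original deck, turns those signs into a mail-gateway check over raw messages. The trusted domain `example.com`, the staff directory and the two sample messages are all constructed for illustration.

```python
"""Heuristic triage of raw RFC 822 messages for spear-phishing / whaling cues.

Added example, not from the original presentation. TRUSTED_DOMAIN, DIRECTORY and
the SAMPLE_* messages are constructed values for demonstration only.
"""
import email
from email import policy
from email.utils import parseaddr
from difflib import SequenceMatcher
from typing import List

TRUSTED_DOMAIN = "example.com"                  # assumed: the organisation's own domain
DIRECTORY = {                                   # constructed: display name -> real address
    "jane roe": "jane.roe@example.com",
}
# Pretexts named on the slides (subpoena, complaint, urgent action) plus common variants.
URGENCY_WORDS = ("urgent", "immediately", "subpoena", "complaint", "verify", "overdue")


def domain_of(addr: str) -> str:
    """Return the domain part of an address, lower-cased, or '' if malformed."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain: str, trusted: str = TRUSTED_DOMAIN, threshold: float = 0.8) -> bool:
    """True when the domain is similar to, but not the same as, the trusted domain.

    Subdomains of the trusted domain (mail.example.com) are legitimate, not lookalikes.
    """
    if domain == trusted or domain.endswith("." + trusted):
        return False
    return SequenceMatcher(None, domain, trusted).ratio() >= threshold


def triage(raw: str) -> List[str]:
    """Return a list of human-readable findings for one raw message (empty = no cues)."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    name, addr = name.strip().lower(), addr.lower()
    findings: List[str] = []

    # 1. Display name of a known colleague, but the address is not that person's.
    expected = DIRECTORY.get(name)
    if expected and addr != expected:
        findings.append(f"display-name impersonation: '{name}' sent from {addr}")

    # 2. Sender domain is a near miss of the trusted domain (similar, not identical).
    if is_lookalike(domain_of(addr)):
        findings.append(f"lookalike domain: {domain_of(addr)}")

    # 3. Reply-To diverts any answer away from the claimed sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        findings.append(f"reply-to mismatch: {reply_to.lower()}")

    # 4. Urgency or legal pretext in the subject line.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in URGENCY_WORDS if w in subject]
    if hits:
        findings.append("urgency cue: " + ", ".join(hits))

    return findings


# Constructed sample: a whaling-style message aimed at a finance executive.
SAMPLE_WHALING = """\
From: Jane Roe <jane.roe@examp1e.com>
Reply-To: legal-desk@mail-relay.invalid
To: cfo@example.com
Subject: URGENT: legal subpoena requires your immediate action

Please review the attached subpoena and confirm receipt today.
"""

# Constructed sample: an ordinary internal message from the same colleague.
SAMPLE_LEGIT = """\
From: Jane Roe <jane.roe@example.com>
To: cfo@example.com
Subject: Q3 budget review notes

Attached are the notes from this morning's meeting.
"""

if __name__ == "__main__":
    for label, sample in (("whaling", SAMPLE_WHALING), ("legit", SAMPLE_LEGIT)):
        print(label, "->", triage(sample) or ["no findings"])
```

The string-similarity threshold is a tuning knob: too low and partner domains get flagged, too high and single-character swaps like `examp1e.com` slip through, so calibrate it against your own mail flow before acting on the result automatically.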
File Sharing & Cloud Storage
Hackers use popular sites where anonymous accounts can be created and used to store or distribute hack exploits.
Tools - Back Track
• The Back Track distribution originated from the Linux counterparts WHAX and Max Moser's Auditor Security Collection - "The Swiss Army Knife for security assessments".
• Both were focused on Linux-based penetration tests. While WHAX was packed with more features, Auditor was based on structure and stability. Auditor featured well-laid-out menus for its collection of over 300 tools for troubleshooting, network and systems-fortifying.
• Its user-friendliness resulted in enhanced usability for penetration testing, which led to the formulation of the Back Track security testing distribution. The Auditor Security Collection was a Live CD based on Knoppix.
Source: http://www.remote-exploit.org/articles/backtrack/index.html
Training, Training, Training!
• Education
  – Degrees are available in computer forensics and Information Assurance
  – The Federal Government has resources within its agencies
  – Department of Defense
    • DISA
    • JKO, AKO
  – NSA
    • Coordinate through your government sponsors
    • Excellent pentest training
  – READ! Collaborate! Network!
  – Join Local Chapters of Security Organizations
Training, Training, Training!
• Certifications
  – Certified Ethical Hacker (CEH)
  – Certified EC-Council Instructor (CEI)
  – Computer Hacking Forensic Investigator (CHFI)
  – EC-Council Certified Security Analyst (ECSA)
  – EC-Council Certified Incident Handler (ECIH)
  – Certified Network Defense Architect (CNDA)
  – Licensed Penetration Tester (LPT)
  – EC-Council Certified VOIP Professional (ECVP)
  – EC-Council Network Security Administrator (ENSA)
  – EC-Council Certified Computer Investigator (ECCI)
Publications
• Social Engineering: The Art of Human Hacking by Chris Hadnagy
• The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
• What Every BODY is Saying: An Ex-FBI Agent's Guide to Speed-Reading People by Joe Navarro
• Social Engineering: Hacking The Human Mind, an article in Forbes Magazine by Eric Savitz, Forbes Staff (March 29, 2012)
Websites recommending technical tools
• Social-Engineering-Toolkit (video): http://www.youtube.com/watch?v=9f2ANmI2-RI
• Social-Engineering Toolkit (SET): http://www.offensive-security.com/metasploit-unleashed/SET
• The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. http://www.metasploit.com/
• SANS Institute: http://www.sans.org/top-cyber-security-risks/
• Social-Engineer.org: http://www.social-engineer.org/
QUESTIONS?
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Social Engineering 2.0: Defined, Engineers, Phishing, Spear Phishing & Whaling

  • 1. Social Engineering 2.0
    Dr. Shawn P. Murray, CISSP, CRISC, FITSP-A
    NSI IMPACT 2012
  • 2. Agenda
    • Social Engineering Defined
    • Who Are Social Engineers?
    • Famous Social Engineers
    • Computing Age
      – Phishing
      – Spear Phishing
      – Whaling
      – Hacking & Exploits
    • Countermeasures
      – Training, Training, Training!
    • Resources for security professionals
      – Publications
      – Websites
      – Technical (Tools)
  • 3. What is Social Engineering?
    According to the www.Social-Engineer.org site:
    • “Social Engineering is defined as the process of deceiving people into giving away access or confidential information.”
    • Wikipedia defines it as: "is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim."
    • “Although it has been given a bad name by the plethora of "free pizza", "free coffee", and "how to pick up chicks" sites, aspects social engineering actually touches on many parts of daily life.”
    • “Many consider social engineering to be the greatest risk to security.”
    Source: http://www.social-engineer.org/framework/Social_Engineering_Defined
  • 4. Who are Social Engineers?
    By Trade:
    • Detectives
    • Special Agents
    • Lawyers
    • Sales professionals
    • Recruiters
    • Doctors
    • Psychologists
    • Any profession that uses human subjects to elicit information or to modify behavior
    By Relationships:
    • Children
    • Parents & Grandparents
    • Spouses
    • Friends
    Bad Guys:
    • Scam artists or Cons
    • Cyber criminals
      • Hackers
      • State actors
    • Foreign governments
    • Disgruntled Employees
      • Insider Threat
    • Identity Thieves
      • Social Programs
      • Medical ID Theft
      • Banking & Insurance
      • Impersonation
  • 5. Prominent Social Engineers
    At age 12, Kevin Mitnick used social engineering to bypass the punchcard system used in the Los Angeles bus system. After a friendly bus driver told him where he could buy his own ticket punch, he could ride any bus in the greater LA area using unused transfer slips he found in the trash. Social engineering became his primary method of obtaining information, including user names and passwords and modem phone numbers.
    • Mitnick gained unauthorized access to his first computer network in 1979, at 16, when a friend gave him the phone number for the Ark, the computer system Digital Equipment Corporation (DEC) used for developing their RSTS/E operating system software, which he stole.
    • He was charged with and convicted of the crime in 1988.
    • Hacked into Pacific Bell voice mail computers. After a warrant was issued for his arrest, Mitnick fled, becoming a fugitive for 2 ½ years.
    • According to the U.S. Department of Justice, Mitnick gained unauthorized access to dozens of computer networks while he was a fugitive. He cloned cellular phones to hide his location and, among other things, copied valuable proprietary software from some of the country's largest cellular telephone and computer companies.
  • 6. Prominent Social Engineers
    • Frank William Abagnale, Jr. is an American security consultant known for his history as a former confidence trickster, check forger, impostor, and escape artist. He became notorious in the 1960s for passing $2.5 million worth of meticulously forged checks across 26 countries over the course of five years, beginning when he was 16 years old.
    • In the process, he became one of the most famous impostors ever, claiming to have assumed no fewer than eight separate identities as an airline pilot, a doctor, a U.S. Bureau of Prisons agent, and a lawyer. He escaped from police custody twice (once from a taxiing airliner and once from a U.S. federal penitentiary), before he was 21 years old.
    • He served fewer than five years in prison before starting to work for the federal government. He is a consultant and lecturer at the academy and field offices for the FBI. He also runs Abagnale & Associates, a financial fraud consultancy company.
    Source: http://en.wikipedia.org/wiki/Frank_William_Abagnale
  • 7. Top Security Risks according to SANS
    • Priority One: Client-side software that remains unpatched.
    • Priority Two: Internet-facing web sites that are vulnerable.
    • Operating systems continue to have fewer remotely-exploitable vulnerabilities that lead to massive Internet worms.
    • Rising numbers of zero-day vulnerabilities.
  • 8. Phishing
    Planning. Phishers decide which business to target and determine how to get email addresses for the customers of that business. They often use the same mass-mailing and address collection techniques as spammers.
    Setup. Once they know which business to spoof and who their victims are, phishers create methods for delivering the message and collecting the data. Most often, this involves e-mail addresses and a Web page.
    Attack. This is the step people are most familiar with: the phisher sends a phony message that appears to be from a reputable source.
    Collection. Phishers record the information victims enter into Web pages or popup windows.
    Identity Theft and Fraud. The phishers use the information they've gathered to make illegal purchases or otherwise commit fraud. As many as a fourth of the victims never fully recover [Source: Information Week].
    If the phisher wants to coordinate another attack, he evaluates the successes and failures of the completed scam and begins the cycle again.
    Source: by Tracy V. Wilson (www.howstuffworks.com)
  • 9. Spear Phishing
    Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.
    As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.
    Visiting West Point teacher and National Security Agency expert Aaron Ferguson calls it the "colonel effect." To illustrate his point, Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message. In response, they received a notification that they'd been duped and a warning that their behavior could have resulted in downloads of spyware, Trojan horses and/or other malware.
    Source: SearchSecurity.com (http://searchsecurity.techtarget.com)
  • 10. Whaling
    Whaling is a form of spear phishing that occurs when a scammer targets an organization and sends personalized emails to a specific executive officer or senior manager. Emails refer to fake but critical business matters, such as legal subpoenas or customer complaints.
    Emails may appear to have been sent from a trustworthy source such as an employer or staff member within the organization. Email addresses may be similar (but not identical) to an address you are familiar with. The scammer’s aim is to convince you that the email requires urgent action by following a link to a fake website or opening a malware-infected attachment.
    When you visit the fake, but convincing website, it will ask you to do one or more of the following:
    • enter confidential company information and passwords
    • provide financial details or enter them when making a payment for a fake software download.
    If financial details are provided, the scammer will use them to commit fraud. Alternatively, if you open an email attachment, it will download malware onto your computer. Malware can record your key strokes, passwords and other company information, allowing the scammer to access it when you go online.
    Source: http://www.scamwatch.gov.au/content/index.phtml/itemId/829460
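    The phishing and whaling slides above describe the traits a defender can look for on the receiving side: a sender address that is similar but not identical to a familiar corporate address, a display name borrowed from someone in authority, and wording that pushes the recipient to act urgently. The following added example (not code from the presentation or from any of the cited sites) turns those traits into a small mail-triage check. The corporate domain `example.com`, the executive names in `EXEC_NAMES`, the keyword list, the 0.8 similarity threshold and the three sample messages are all assumptions constructed for this example.

```python
"""Triage inbound mail for whaling / spear-phishing traits (added example).

Assumptions (constructed for this example, not from the slides): the
organisation's real domain is example.com and the executives whose names
an attacker would imitate are listed in EXEC_NAMES.
"""
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumed corporate domain
EXEC_NAMES = {"jane doe", "john roe"}      # assumed executive display names
# Words that signal "act now" pressure or a request for credentials/money.
URGENCY_WORDS = re.compile(
    r"\b(urgent|immediately|subpoena|complaint|wire|payment|password|verify)\b",
    re.IGNORECASE,
)


def domain_similarity(domain: str) -> float:
    """Return a 0..1 similarity between a sender domain and ORG_DOMAIN."""
    return SequenceMatcher(None, domain.lower(), ORG_DOMAIN).ratio()


def is_lookalike_domain(domain: str, threshold: float = 0.8) -> bool:
    """True when a domain resembles ORG_DOMAIN without being it or a subdomain."""
    d = domain.lower()
    if d == ORG_DOMAIN or d.endswith("." + ORG_DOMAIN):
        return False
    return domain_similarity(d) >= threshold


def triage(msg: dict) -> dict:
    """Score one message; msg has keys 'from', 'reply_to', 'subject', 'body'."""
    name, addr = parseaddr(msg["from"])
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    # Display name of an executive, but the mail did not come from our domain.
    if name.strip().lower() in EXEC_NAMES and domain != ORG_DOMAIN:
        reasons.append("executive display name from external domain")
    # "Similar but not identical" sender domain, as the whaling slide describes.
    if is_lookalike_domain(domain):
        reasons.append(f"lookalike domain {domain}")
    # Replies silently redirected to a third domain.
    _, reply_addr = parseaddr(msg.get("reply_to", ""))
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != domain:
        reasons.append("Reply-To domain differs from From domain")
    # Pressure wording in subject or body.
    text = msg["subject"] + " " + msg["body"]
    hits = sorted({m.lower() for m in URGENCY_WORDS.findall(text)})
    if hits:
        reasons.append("urgency/action wording: " + ", ".join(hits))
    score = len(reasons)
    verdict = "hold for review" if score >= 2 else "deliver"
    return {"score": score, "reasons": reasons, "verdict": verdict}


# Constructed sample messages: one whaling-style lure, two benign mails.
SAMPLE_MESSAGES = [
    {
        "from": "Jane Doe <jane.doe@examp1e.com>",
        "reply_to": "",
        "subject": "Urgent: legal subpoena requires immediate action",
        "body": "Please verify the attached document and confirm payment today.",
    },
    {
        "from": "Jane Doe <jane.doe@example.com>",
        "reply_to": "",
        "subject": "Quarterly numbers",
        "body": "Draft attached for your comments.",
    },
    {
        "from": "Alice Smith <alice.smith@example.com>",
        "reply_to": "",
        "subject": "Lunch on Thursday?",
        "body": "Are you free at noon?",
    },
]


def run_example() -> list:
    """Triage every sample message and return the list of verdicts."""
    return [triage(m)["verdict"] for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        r = triage(m)
        print(f"{m['from']:45} {r['verdict']:16} {'; '.join(r['reasons'])}")
```

    The check deliberately combines signals instead of acting on any single one: an external domain alone is normal for partners, and urgent wording alone is normal for legitimate business, but an executive's name on a lookalike domain pushing for immediate action is the pattern the whaling slide describes, so that mail is held for a human rather than delivered. The similarity threshold and keyword list are tuning knobs, not fixed values, and a production filter would also consult SPF/DKIM/DMARC results rather than header text alone.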
  • 11.
  • 12. File Sharing & Cloud Storage Hackers use popular sites where anonymous accounts can be created and used to store or distribute hack exploits.
  • 13. Tools - Back Track
    • The Back Track distribution originated from the Linux counterparts WHAX and Max Moser's Auditor Security Collection - "The Swiss Army Knife for security assessments".
    • Both were focused on Linux-based penetration tests. While WHAX was packed with more features, Auditor was based on structure and stability. Auditor featured well-laid-out menus for its collection of over 300 tools for troubleshooting, network and systems-fortifying.
    • Its user-friendliness resulted in enhanced usability for penetration testing, which led to the formulation of the Back Track security testing distribution. The Auditor Security Collection was a Live CD based on Knoppix.
    Source: http://www.remote-exploit.org/articles/backtrack/index.html
  • 14.
  • 15. Training, Training, Training!
    • Education
      – Degrees are available in computer forensics and Information Assurance
      – The Federal Government has resources within its agencies
      – Department of Defense
        • DISA
        • JKO, AKO
      – NSA
        • Coordinate through your government sponsors
        • Excellent pentest training
      – READ! Collaborate! Network!
      – Join Local Chapters of Security Organizations
  • 16. Training, Training, Training!
    • Certifications
      – Certified Ethical Hacker (CEH)
      – Certified EC-Council Instructor (CEI)
      – Computer Hacking Forensic Investigator (CHFI)
      – EC-Council Certified Security Analyst (ECSA)
      – EC-Council Certified Incident Handler (ECIH)
      – Certified Network Defense Architect (CNDA)
      – Licensed Penetration Tester (LPT)
      – EC-Council Certified VOIP Professional (ECVP)
      – EC-Council Network Security Administrator (ENSA)
      – EC-Council Certified Computer Investigator (ECCI)
  • 17. Publications
    • Social Engineering: The Art of Human Hacking by Chris Hadnagy
    • The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
    • What Every BODY is Saying: An Ex-FBI Agent's Guide to Speed-Reading People by Joe Navarro
    • Social Engineering: Hacking The Human Mind, an article in Forbes Magazine by Eric Savitz, Forbes Staff (March 29, 2012)
  • 18. Websites recommending technical tools
    • Social-Engineering-Toolkit: http://www.youtube.com/watch?v=9f2ANmI2-RI
    • Social-Engineering Toolkit (SET): http://www.offensive-security.com/metasploit-unleashed/SET
    • The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development: http://www.metasploit.com/
    • SANS Institute: http://www.sans.org/top-cyber-security-risks/
    • Social Engineer.org: http://www.social-engineer.org/