Social Engineering
The Art of Social Hacking
Christopher Stowe
Introduction
• What is Social Engineering?
o Manipulate people into doing something, rather than by
breaking in using technical means
• Types of Social Engineering
o Quid Pro Quo
o Phishing
o Baiting
o Pretexting
o Diversion Theft
• Ways to prevent Social Engineering
What is Social Engineering?
• Attacker uses human interaction to obtain or compromise
information
• Attacker may appear unassuming or respectable
o Pretend to be a new employee, repairman, etc.
o May even offer credentials
• By asking questions, the attacker may piece enough
information together to infiltrate a company's network
o May attempt to get information from many sources
Kevin Mitnick
Famous Social Engineer Hacker
• Went to prison for hacking
• Became ethical hacker
"People are generally helpful, especially to someone who is
nice, knowledgeable or insistent."
Kevin Mitnick - Art of Deception:
• "People inherently want to be helpful and therefore are
easily duped"
• "They assume a level of trust in order to avoid conflict"
• "It's all about gaining access to information that people think
is innocuous when it isn't"
• Hear a nice voice on the phone, we want to be helpful
• Social engineering cannot be blocked by technology alone
Examples of Social Engineering
• Kevin Mitnick talks his way into central Telco office
o Tells guard he will get a new badge
o Pretend to work there, give manager name from another
branch
o Fakes a phone conversation when caught
• Free food at McDonald's
Live Example
• Convinced friend that I would help fix their
computer
• People inherently want to trust and will believe
someone when they want to be helpful
• Fixed minor problems on the computer and
secretly installed remote control software
• Now I have total access to their computer through
ultravnc viewer
Types of Social Engineering
• Quid Pro Quo
o Something for something
• Phishing
o Fraudulently obtaining private information
• Baiting
o Real world trojan horse
• Pretexting
o Invented Scenario
• Diversion Theft
o A con
Quid Pro Quo
• Something for Something
o Call random numbers at a company, claiming to be from
technical support.
o Eventually, you will reach someone with a legitimate
problem
o Grateful you called them back, they will follow your
instructions
o The attacker will "help" the user, but will really have the
victim type commands that will allow the attacker to
install malware
Phishing
• Fraudulently obtaining private information
o Send an email that looks like it came from a legitimate
business
o Request verification of information and warn of some
consequence if not provided
o Usually contains link to a fraudulent web page that looks
legitimate
o User gives information to the social engineer
 Ex: eBay scam
Phishing continued
• Spear Phishing
o Specific phishing
 Ex: email that makes claims using your name
• Vishing
o Phone phishing
o Rogue interactive voice system
 Ex: call bank to verify information
Baiting
• Real world Trojan horse
o Uses physical media
o Relies on greed/curiosity of victim
o Attacker leaves a malware-infected CD or USB drive in a
location sure to be found
o Attacker puts a legitimate or curious label to gain
interest
o Ex: "Company Earnings 2009" left at company elevator
 Curious employee/Good samaritan uses
 User inserts media and unknowingly installs
malware
Pretexting
• Invented Scenario
o Prior Research/Setup used to establish legitimacy
 Give information that a user would normally not
divulge
o This technique is used to impersonate
 Authority, etc.
 Using prepared answers to victim's questions
 Other gathered information
o Ex: Law Enforcement
 Threat of alleged infraction to detain suspect
and hold for questioning
Pretexting Real Example:
• Signed up for Free Credit Report
• Saw Unauthorized charge from another credit company
o Called to dispute charge and was asked for Credit
Card Number
 They insisted it was useless without the security
code
o Asked for Social Security number
• Talked to Fraud Department at my bank
Diversion Theft
• A Con
o Persuade delivery person that delivery is requested
elsewhere - "Round the Corner"
o When delivery is redirected, attacker persuades
delivery driver to unload delivery near address
o Ex: Attacker parks security van outside a bank.
Victims going to deposit money into a night safe
are told that the night safe is out of order. Victims
then give money to attacker to put in the fake
security van
o Most companies do not prepare employees for this
type of attack
Weakest Link?
• No matter how strong your:
o Firewalls
o Intrusion Detection Systems
o Cryptography
o Anti-virus software
• You are the weakest link in computer security!
o People are more vulnerable than computers
• "The weakest link in the security chain is the
human element" -Kevin Mitnick
Ways to Prevent Social Engineering
Training
• User Awareness
o User knows that giving out certain information is bad
• Military requires Cyber Transportation to hold
o Top Secret Security Clearance
o Security Plus Certification
• Policies
o Employees are not allowed to divulge private
information
o Prevents employees from being socially pressured or
tricked
Ways to Prevent Social Engineering
Cont..
• 3rd Party test - Ethical Hacker
o Have a third party come to your company and attempt
to hack into your network
o 3rd party will attempt to glean information from
employees using social engineering
o Helps detect problems people have with security
• Be suspicious of unsolicited phone calls, visits, or email
messages from individuals asking about internal information
• Do not provide personal information, information about
the company (such as internal network) unless authority of
person is verified
General Safety
• Before transmitting personal information over the internet,
check the connection is secure and check the URL is
correct
• If unsure if an email message is legitimate, contact the
person or company by another means to verify
• Be paranoid and aware when interacting with anything that
needs to be protected
o The smallest information could compromise what you're
protecting
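The "check the connection is secure and check the URL is correct" advice above, written out as a check a mail filter or help desk tool could run (an added example, not part of the original slides). The trusted domains, the sample URLs, and the function and result-code names are constructed for illustration, and taking the last two labels as the registrable domain is a simplification that ignores multi-part suffixes such as co.uk.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: domains the user really does business with.
TRUSTED_DOMAINS = {"example-bank.com", "example-shop.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of problem codes for `url`; an empty list means it passed."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return ["unparseable"]

    problems = []
    if parts.scheme != "https":
        problems.append("not-https")       # connection is not secure
    if has_userinfo:
        problems.append("userinfo")        # text before '@' is not the host
    if not host:
        return problems + ["no-host"]

    # The host must be a trusted domain or a subdomain of one.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return problems
    if _is_ip(host):
        return problems + ["ip-host"]      # raw address instead of a name

    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        problems.append("idn-host")        # may render as a lookalike name
    if any(host.startswith(d + ".") or "." + d + "." in host for d in trusted):
        problems.append("decoy-prefix")    # trusted name used as a subdomain
    registrable = ".".join(labels[-2:])    # simplification, see lead-in
    if any(0 < edit_distance(registrable, d) <= 2 for d in trusted):
        problems.append("lookalike")       # near-miss spelling
    problems.append("untrusted-host")
    return problems


if __name__ == "__main__":
    # Constructed sample links of the kind a phishing email might carry.
    for sample in (
        "https://www.example-bank.com/login",
        "http://www.example-bank.com/login",
        "https://example-bank.com@198.51.100.7/login",
        "https://example-bank.com.account-verify.test/",
        "https://examp1e-bank.com/",
    ):
        print(sample, "->", check_url(sample) or "ok")
```

A link that passes only shows that the address is the expected one over HTTPS; an unexpected request should still be confirmed with the company by another channel, as the next bullet says.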
Conclusion
• What is Social Engineering?
o Manipulate people into doing something, rather than by
breaking in using technical means
• Types of Social Engineering
o Quid Pro Quo
o Phishing
o Baiting
o Pretexting
o Diversion Theft
• Ways to prevent Social Engineering
Questions?
Social Engineering Clips
Animation:
http://www.youtube.com/watch?v=Y6tbUNjL0No
Live Action:
http://www.youtube.com/watch?v=8TJ4XOvY7II&feature=related
