SlideShare ist ein Scribd-Unternehmen logo

Social Engineering Techniques - The Dark Arts

n|u - The Open Security Community
n|u - The Open Security Community

null Hyderabad Chapter - May 2014

BildungTechnologieBusiness
1 von 25
Downloaden Sie, um offline zu lesen
What is Social Engineering “The act of manipulating people into performing actions or divulging confidential information..” Wikipedia (also sourced on social-engineer.org)
Origin of “Social Engineering”  Social Engineering this word came in the year of 1894 by a Dutch guy.  Social Engineering is there 100 years ago also.  The person who do Social Engineering we call as Conn Artists
Some Popular Conn Artists in 20th Century
Victor Lustig  The person who sold the Eiffel Tower number of times.  Used current events.  He made a deal with Scrap Dealers, selling the structure to them for $40,000.  An extremely good deal for buyers – too good to be true
Hotel Ritz
Social Engineering 40-50 years ago
Frank Abagnale Jr
Frank Abagnale Jr  Fake pilot arrested in cockpit.  He acted as a Lawyer, Doctor and pilot.  Abagnale‟s cons were often check frauds.  Did it will work today ?
Social Engineering in 20th Century
Kevin Mitnick  20 years ago person named “Kevin Mitnick” brought social engineering in IT security.  He is an American Security Consultant, author, convicted criminal and Hacker.  According to US department of justice, Kevin gained unauthorized access to dozens of computer networks.
Weakest Link  People are the largest vulnerabilities in any network  Social engineering is based on decision making of human being
Motivation  There are variety of motivations exists which includes,  Financial Gain  Self-Interest  Revenge  External Pressure
Cycle of Events  It consists of 4 phases  Information Gathering  Developing Relationship  Execution  Exploitation
Information Gathering “If you know the enemy and know yourself you need not fear the results of a hundred battles” -Sun Tzu
Cycle of Events  Information Gathering  A Variety of techniques can be used by an aggressor to gather information about the target(s). Once gathered, this information can then be used to build a relationship with either the target or someone important to the success of the attack.  Developing Relationship  An aggressor may freely exploit the willingness of a target to be trusting in order to develop rapport with them. While developing this relationship, the aggressor will position himself into a position of trust which he will then exploit
Cycle of Events  Exploitation  The target may then be manipulated by the „trusted‟ aggressor to reveal information (e.g. passwords) or perform an action (e.g. creating an account or reversing telephone charges) that would not normally occur. This action could be the end of the attack or the beginning of the next stage.  Execution  Once the target has completed the task requested by the aggressor, the cycle is complete.
How Social Engineering is accomplished  Telephone  Online  Dumpster Diving  Shoulder Surfing  Reverse Social Engineering  Persuasion
How Social Engineering is accomplished  Telephone  Using telephones to contact individuals of a company to persuade them to divulge in confidential information.  Online  Persuading or gathering information through the use of an online chat.  Dumpster Diving  Looking for information discarded by a company employees.
How Social Engineering is accomplished  Shoulder Surfing  Simply looking over someone‟s shoulder while they are using a computer.  Reverse Social Engineering  This is a more advanced method of social engineering and is almost always successful.  Persuasion  Persuading someone to give your confidential information either by convincing them you are someone who can be trusted.
Biases  Biases are nothing but the deviations from a standard of rationality or good judgments.  There are many types of biasing, but these five are important ones:  Pretexting  Phishing  IVR or Phone Phishing  Baiting  Tailgating
Preventive Measures  Organizations must, on an employee/personnel level, establish frameworks of trust. (i.e., When/Where/Why/How should sensitive information be handled?)  Organizations must identify which information is sensitive and question its integrity in all forms. (i.e., Social Engineering, Building Security, Computer Security, etc.)  Organizations must establish security protocols for the people who handle sensitive information. (i.e., Paper-Trails for information disclosure and/or forensic crumbs)
Social Engineering Techniques - The Dark Arts
Social Engineering Techniques - The Dark Arts

Empfohlen

Social Engineering
Social EngineeringSocial Engineering
Social EngineeringWilliam Gregorian
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringAhmed Musaad
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 

Empfohlen

Social Engineering
Social EngineeringSocial Engineering
Social EngineeringWilliam Gregorian
 
Social engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorSocial engineering-Attack of the Human Behavior
Social engineering-Attack of the Human BehaviorJames Krusic
 
Social engineering
Social engineeringSocial engineering
Social engineeringAlexander Zhuravlev
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringPaul Devassy, CPP
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringAhmed Musaad
 
Social engineering
Social engineeringSocial engineering
Social engineeringRobert Hood
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Social Engineering Techniques
Social Engineering TechniquesSocial Engineering Techniques
Social Engineering TechniquesNeelu Tripathy
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Social engineering
Social engineering Social engineering
Social engineering Abdelhamid Limami
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringNicholas Davis
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacksmasoud khademi
 
Social engineering
Social engineeringSocial engineering
Social engineeringMaulik Kotak
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineeringn|u - The Open Security Community
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 
Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersCe hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersVi Tính Hoàng Nam
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhlingsuhlingse
 

Weitere ähnliche Inhalte

Was ist angesagt?

BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskRob Ragan
 
Social Engineering Techniques
Social Engineering TechniquesSocial Engineering Techniques
Social Engineering TechniquesNeelu Tripathy
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About itAleksandr Yampolskiy
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Social engineering
Social engineeringSocial engineering
Social engineeringVishal Kumar
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansRob Ragan
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917Evan Francen
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...ABHAY PATHAK
 
social engineering
social engineering social engineering
social engineeringRavi Patel
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkJahangirnagar University
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacksmasoud khademi
 
Social engineering
Social engineeringSocial engineering
Social engineeringMaulik Kotak
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hackingmsaksida
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and BadTzar Umang
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering BasicsLuke Rusten
 

Was ist angesagt? (20)

BSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering RiskBSidesPGH - Never Surrender - Reducing Social Engineering Risk
BSidesPGH - Never Surrender - Reducing Social Engineering Risk
 
Social Engineering Techniques
Social Engineering TechniquesSocial Engineering Techniques
Social Engineering Techniques
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Social Engineering and What to do About it
Social Engineering and What to do About itSocial Engineering and What to do About it
Social Engineering and What to do About it
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social engineering
Social engineering Social engineering
Social engineering
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Social Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response PlansSocial Engineering: the Bad, Better, and Best Incident Response Plans
Social Engineering: the Bad, Better, and Best Incident Response Plans
 
MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917MHTA Social Engineering Presentation - 050917
MHTA Social Engineering Presentation - 050917
 
Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...Social Engineering,social engeineering techniques,social engineering protecti...
Social Engineering,social engeineering techniques,social engineering protecti...
 
social engineering
social engineering social engineering
social engineering
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Social engineering for security attacks
Social engineering for security attacksSocial engineering for security attacks
Social engineering for security attacks
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Presentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human HackingPresentation of Social Engineering - The Art of Human Hacking
Presentation of Social Engineering - The Art of Human Hacking
 
Social engineering The Good and Bad
Social engineering The Good and BadSocial engineering The Good and Bad
Social engineering The Good and Bad
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Social Engineering Basics
Social Engineering BasicsSocial Engineering Basics
Social Engineering Basics
 

Andere mochten auch

Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersCe hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersVi Tính Hoàng Nam
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhlingsuhlingse
 
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...IntelCollab.com
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking peopleTudor Damian
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social EngineeringNutan Kumar Panda
 
Intelligence Led Policing for Police Decision Makers
Intelligence Led Policing for Police Decision MakersIntelligence Led Policing for Police Decision Makers
Intelligence Led Policing for Police Decision MakersDeborah Osborne
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Chris Hammond-Thrasher
 
Corporate-Espionage
Corporate-EspionageCorporate-Espionage
Corporate-EspionageSam
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesNora A. Rahim
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
 
Counterintelligence
CounterintelligenceCounterintelligence
Counterintelligencekelsports
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringCyber Agency
 

Andere mochten auch (16)

Ce hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insidersCe hv6 module 48 corporate espionage by insiders
Ce hv6 module 48 corporate espionage by insiders
 
Social engineering-Sandy Suhling
Social engineering-Sandy SuhlingSocial engineering-Sandy Suhling
Social engineering-Sandy Suhling
 
Social engineering
Social engineeringSocial engineering
Social engineering
 
Corporate Espionage in India
Corporate Espionage in IndiaCorporate Espionage in India
Corporate Espionage in India
 
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
How Internal Human Intelligence Networks (HUMINT) Develop External Primary So...
 
Social Engineering, or hacking people
Social Engineering, or hacking peopleSocial Engineering, or hacking people
Social Engineering, or hacking people
 
Dark Arts Of Social Engineering
Dark Arts Of Social EngineeringDark Arts Of Social Engineering
Dark Arts Of Social Engineering
 
Intelligence Led Policing for Police Decision Makers
Intelligence Led Policing for Police Decision MakersIntelligence Led Policing for Police Decision Makers
Intelligence Led Policing for Police Decision Makers
 
Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)Hacker tooltalk: Social Engineering Toolkit (SET)
Hacker tooltalk: Social Engineering Toolkit (SET)
 
Corporate-Espionage
Corporate-EspionageCorporate-Espionage
Corporate-Espionage
 
Information Gathering in Intelligence Agencies
Information Gathering in Intelligence AgenciesInformation Gathering in Intelligence Agencies
Information Gathering in Intelligence Agencies
 
Basic intelligence
Basic intelligenceBasic intelligence
Basic intelligence
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case Studies
 
Counterintelligence
CounterintelligenceCounterintelligence
Counterintelligence
 
Intelligence Cycle
Intelligence CycleIntelligence Cycle
Intelligence Cycle
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 

Ähnlich wie Social Engineering Techniques - The Dark Arts

Social Engineering By Rakesh Nagekar
Social Engineering By Rakesh NagekarSocial Engineering By Rakesh Nagekar
Social Engineering By Rakesh Nagekarnforceit
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyRussell Publishing
 
Data security concepts chapter 2
Data security concepts chapter 2Data security concepts chapter 2
Data security concepts chapter 2Nickkisha Farrell
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"abercius24
 
Why is cybersecurity important for the entertainment industry
Why is cybersecurity important for the entertainment industry Why is cybersecurity important for the entertainment industry
Why is cybersecurity important for the entertainment industry Lisa Stockley
 
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSocial engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSteven Hatfield
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
SECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.pptSECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.pptCakraWicaksono3
 
SECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.pptSECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.pptpixvilx
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdfRamya Nellutla
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptxTapan Khilar
 
What is social engineering.pdf
What is social engineering.pdfWhat is social engineering.pdf
What is social engineering.pdfuzair
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Kolluru N Rao
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)CA.Kolluru Narayanarao
 
34088.Chapter-2.pptx
34088.Chapter-2.pptx34088.Chapter-2.pptx
34088.Chapter-2.pptxNAVEEN128672
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityNcell
 
Facts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf SecurityFacts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf SecurityAardwolf Security
 

Ähnlich wie Social Engineering Techniques - The Dark Arts (20)

Social Engineering By Rakesh Nagekar
Social Engineering By Rakesh NagekarSocial Engineering By Rakesh Nagekar
Social Engineering By Rakesh Nagekar
 
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering AttacksPACE-IT, Security+3.3: Summary of Social Engineering Attacks
PACE-IT, Security+3.3: Summary of Social Engineering Attacks
 
Airport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthyAirport IT&T 2013 John McCarthy
Airport IT&T 2013 John McCarthy
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Data security concepts chapter 2
Data security concepts chapter 2Data security concepts chapter 2
Data security concepts chapter 2
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
 
Why is cybersecurity important for the entertainment industry
Why is cybersecurity important for the entertainment industry Why is cybersecurity important for the entertainment industry
Why is cybersecurity important for the entertainment industry
 
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSocial engineering 101 or The Art of How You Got Owned by That Random Stranger
Social engineering 101 or The Art of How You Got Owned by That Random Stranger
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
SECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.pptSECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.ppt
 
SECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.pptSECURITY AND SOCIAL ENGINEERING.ppt
SECURITY AND SOCIAL ENGINEERING.ppt
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
cyber security.pptx
cyber security.pptxcyber security.pptx
cyber security.pptx
 
What is social engineering.pdf
What is social engineering.pdfWhat is social engineering.pdf
What is social engineering.pdf
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)
 
Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)Lesson iv on fraud awareness (cyber frauds)
Lesson iv on fraud awareness (cyber frauds)
 
34088.Chapter-2.pptx
34088.Chapter-2.pptx34088.Chapter-2.pptx
34088.Chapter-2.pptx
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Facts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf SecurityFacts About Social Engineering Services - Aardwolf Security
Facts About Social Engineering Services - Aardwolf Security
 

Mehr von n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

Mehr von n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Kürzlich hochgeladen

ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701bronxfugly43
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIShubhangi Sonawane
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxPoojaSen20
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesCeline George
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 

Kürzlich hochgeladen (20)

ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Social Engineering Techniques - The Dark Arts

  • 1.
  • 2.
  • 3. What is Social Engineering “The act of manipulating people into performing actions or divulging confidential information..” Wikipedia (also sourced on social-engineer.org)
  • 4. Origin of “Social Engineering”  Social Engineering this word came in the year of 1894 by a Dutch guy.  Social Engineering is there 100 years ago also.  The person who do Social Engineering we call as Conn Artists
  • 5. Some Popular Conn Artists in 20th Century
  • 6. Victor Lustig  The person who sold the Eiffel Tower number of times.  Used current events.  He made a deal with Scrap Dealers, selling the structure to them for $40,000.  An extremely good deal for buyers – too good to be true
  • 10. Frank Abagnale Jr  Fake pilot arrested in cockpit.  He acted as a Lawyer, Doctor and pilot.  Abagnale‟s cons were often check frauds.  Did it will work today ?
  • 11. Social Engineering in 20th Century
  • 12. Kevin Mitnick  20 years ago person named “Kevin Mitnick” brought social engineering in IT security.  He is an American Security Consultant, author, convicted criminal and Hacker.  According to US department of justice, Kevin gained unauthorized access to dozens of computer networks.
  • 13. Weakest Link  People are the largest vulnerabilities in any network  Social engineering is based on decision making of human being
  • 14. Motivation  There are variety of motivations exists which includes,  Financial Gain  Self-Interest  Revenge  External Pressure
  • 15. Cycle of Events  It consists of 4 phases  Information Gathering  Developing Relationship  Execution  Exploitation
  • 16. Information Gathering “If you know the enemy and know yourself you need not fear the results of a hundred battles” -Sun Tzu
  • 17. Cycle of Events  Information Gathering  A Variety of techniques can be used by an aggressor to gather information about the target(s). Once gathered, this information can then be used to build a relationship with either the target or someone important to the success of the attack.  Developing Relationship  An aggressor may freely exploit the willingness of a target to be trusting in order to develop rapport with them. While developing this relationship, the aggressor will position himself into a position of trust which he will then exploit
  • 18. Cycle of Events  Exploitation  The target may then be manipulated by the „trusted‟ aggressor to reveal information (e.g. passwords) or perform an action (e.g. creating an account or reversing telephone charges) that would not normally occur. This action could be the end of the attack or the beginning of the next stage.  Execution  Once the target has completed the task requested by the aggressor, the cycle is complete.
  • 19. How Social Engineering is accomplished  Telephone  Online  Dumpster Diving  Shoulder Surfing  Reverse Social Engineering  Persuasion
  • 20. How Social Engineering is accomplished  Telephone  Using telephones to contact individuals of a company to persuade them to divulge in confidential information.  Online  Persuading or gathering information through the use of an online chat.  Dumpster Diving  Looking for information discarded by a company employees.
  • 21. How Social Engineering is accomplished  Shoulder Surfing  Simply looking over someone‟s shoulder while they are using a computer.  Reverse Social Engineering  This is a more advanced method of social engineering and is almost always successful.  Persuasion  Persuading someone to give your confidential information either by convincing them you are someone who can be trusted.
  • 22. Biases  Biases are nothing but the deviations from a standard of rationality or good judgments.  There are many types of biasing, but these five are important ones:  Pretexting  Phishing  IVR or Phone Phishing  Baiting  Tailgating
  • 23. Preventive Measures  Organizations must, on an employee/personnel level, establish frameworks of trust. (i.e., When/Where/Why/How should sensitive information be handled?)  Organizations must identify which information is sensitive and question its integrity in all forms. (i.e., Social Engineering, Building Security, Computer Security, etc.)  Organizations must establish security protocols for the people who handle sensitive information. (i.e., Paper-Trails for information disclosure and/or forensic crumbs)