đź“”
eCPPTv2 Notes
  • About
  • 1-System Security
    • Architecture Fundamentals
      • Security Implementations
      • References
    • Assembler Debuggers and Tool Arsenal
      • Compiler
      • NASM
      • Tool Arsenal
      • References
    • Buffer Overflow
      • Finding Buffer Overflows
      • Exploiting Buffer Overflow
      • Security Implementations
      • References
    • Shellcoding
      • Types of Shellcode
      • Encoding of Shellcode
      • Debugging a Shellcode
      • Creating our First Shellcode
      • More Advanced Shellcode
      • Shellcode and Payload Generators
      • References
    • Cryptography and Password Cracking
      • Cryptography Hash Function
      • Public Key Infrastructure
      • Pretty Good Privacy (PGP)
      • Secure Shell (SSH)
      • Cryptographic Attack
      • Security Pitfalls
      • Windows 2000/XP/2k3/Vista/7/8 Passwords
      • References
    • MALWARE
      • Techniques Used by Malware
      • How Malware Spreads
      • Samples
      • References
  • 2-Network Security
    • Information Gathering
      • Search Engines
      • Social Media
      • Infrastructures
      • Tools
      • References
    • Scanning
      • Detect Live Hosts and Ports
      • Service and OS detection
      • Firewall/IDS Evasion
      • References
    • Enumeration
      • NetBIOS
      • SNMP
      • References
    • Sniffing and MitM Attacks
      • What is Sniffing
      • Sniffing in Action
      • Basic of ARP
      • Sniffing Tools
      • Man in the Middle Attacks
      • Attacking Tools
      • Intercepting SSL Traffic
      • References
    • Exploitation
      • Vulnerability Assessment
      • Low Hanging Fruits
      • Exploitation
      • References
    • Post Exploitation
      • Privilege Escalation and Maintaining Access
      • Pillaging / Data Harvesting
      • Mapping the internal network
      • Exploitation through Pivoting
      • References
    • Anonymity
      • Browsing Anonymously
      • Tunneling for Anonymity
      • References
    • Social Engineering
      • Types of Social Engineering
      • Samples of Social Engineering Attacks
      • Pretexting Samples
      • Tools
      • References
  • 3-Powershell for Pentesters
    • Introduction
      • Why PowerShell ?
      • References
    • PowerShell Fundamentals
      • Cmdlets
      • Modules
      • Scripts
      • Objects
      • References
    • Offensive PowerShell
      • Downloading & Execution
      • Obfuscation
      • Information Gathering & Recon
      • Post-Exploitation With Powershell
      • References
Powered by GitBook
On this page

Was this helpful?

  1. 2-Network Security

Social Engineering

Perfected by John Draper (Cap'n Crunch) in the days of Phreaking (Phone Hacking) and used by Kevin Mitnick to gain access to many company systems, Social Engineering is one of the oldest hacking techniques around.

The premise behind social engineering is to exploit the human factor. In other words, putting people in situations where they will rely on the most common forms of social interactions:

• The desire to be helpful
• The tendency to trust people
• The fear of getting in trouble
• Conflict avoidance

By preying on the human factor of system access, many times hackers do not have to navigate around the system security of an organization. The hackers just engages employees inside the company to do that for them.

Instead of spending countless hours trying to infiltrate systems, dump password hashes, crack them and so on, often times a simple “real world” support scenario can either yield all needed information or, install malware inside the company in a matter of minutes.

More recently, the advent of Social Networking has vastly improved the ability of social engineers. As a result, both their ability to trick people into providing sensitive information and lead people into their social engineering exploits has improved. One of the many ways this can be done, is by sending quizzes or surveys on social networks like Facebook.

The “update this” and forward on forms, can actually divulge a great deal of information about someone. People are readily filling them out and posting them on their profiles:

• When was the last time you took a moment to review the
actual information available on the web about you?
• Have you sent any opt-out requests to have information about
you removed from a website?
• Were you even aware that you could do this?

While Social Engineering was often a viable attack path for hackers, it was often overlooked by penetration testers until recently. Having a social engineering aspect to pen-testing is a vital service to your company or clients to show them weaknesses within their employee education.

PreviousReferencesNextTypes of Social Engineering

Last updated 4 years ago

Was this helpful?