« Previous 1 2 3 4
Guarding against social engineering attacks
Persuasion
It Ends Here
The Social-Engineer Toolkit has simply too many facets to cover here. If you keep rummaging, you'll find WiFi tools for wireless monitoring, testing, cracking, and attacking, and I haven't even mentioned the menu options provided to update the SET software directly.
The long list of included tools and options is impressive and varied in both BackBox Linux and SET, so I'd fully encourage you to investigate both for yourself.
For SET, in particular, especially if you're new to social engineering, I would recommend reading through some of the comprehensive website content provided by SEF, which includes podcasts, a blog, book recommendations, and notifications about events, among other guidance. A list of example attacks [15] got me thinking about the effectiveness of social engineering.
Consider for a moment a real-life occurrence of one of the examples [16] listed on that page: "A phishing attack in January 2016 gave hackers illegal access to the Department of Interior network through remote logins on at least eight Gmail accounts, according to a report released May 24 by the Office of the Investigator General at DOI."
Undoubtedly, tools like SET and toolkits like BackBox Linux are invaluable to protect innocent users against such potentially devastating attacks, and I hope you'll enjoy learning more about them as much as I have.
Infos
- "Social engineering: The biggest security risk to your business" by Davey Winder, IT Pro , 23 May 2018: https://www.itpro.co.uk/social-engineering/30017/social-engineering-the-biggest-security-risk-to-your-business
- BackBox Linux: https://www.backbox.org
- Xfce: https://www.xfce.org
- Ubuntu PPAs: https://launchpad.net/ubuntu/+ppas
- BackBox Linux download: https://www.backbox.org/download
- BackBox cloud: https://linux.backbox.org/cloud
- BackBox community: https://community.backbox.org
- "VirtualBox + Secure Boot + Ubuntu = fail" by ÿyvind Stegard: https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail
- "ZAP provides automated security tests in continuous integration pipelines" by Chris Binnie, ADMIN , issue 41, 2017, pg. 58, http://www.admin-magazine.com/Archive/2017/41/ZAP-provides-automated-security-tests-in-continuous-integration-pipelines
- Social Engineering Framework: https://www.social-engineer.org/framework/general-discussion/social-engineering-defined
- "Using empathy to use people: Emotional intelligence and manipulation" by Jamil Zaki, November 7, 2013: https://blogs.scientificamerican.com/moral-universe/using-empathy-to-use-people-emotional-intelligence-and-manipulation/
- Social engineering on Wikipedia: https://en.wikipedia.org/wiki/Social_engineering_(security)#Six_key_principles
- Social engineering defined: https://www.social-engineer.org/framework/general-discussion/social-engineering-defined
- SET on GitHub: https://github.com/trustedsec/social-engineer-toolkit
- Sample attacks: https://www.social-engineer.org/framework/general-discussion/attackers-might-use-social-engineering
- DOI Phishing Attack: https://www.meritalk.com/articles/doi-phishing-attack-compromised-8-gmail-accounts
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)