Guarding against social engineering attacks

Persuasion

It Ends Here

The Social-Engineer Toolkit has simply too many facets to cover here. If you keep rummaging, you'll find WiFi tools for wireless monitoring, testing, cracking, and attacking, and I haven't even mentioned the menu options provided to update the SET software directly.

The long list of included tools and options is impressive and varied in both BackBox Linux and SET, so I'd fully encourage you to investigate both for yourself.

For SET, in particular, especially if you're new to social engineering, I would recommend reading through some of the comprehensive website content provided by SEF, which includes podcasts, a blog, book recommendations, and notifications about events, among other guidance. A list of example attacks [15] got me thinking about the effectiveness of social engineering.

Consider for a moment a real-life occurrence of one of the examples [16] listed on that page: "A phishing attack in January 2016 gave hackers illegal access to the Department of Interior network through remote logins on at least eight Gmail accounts, according to a report released May 24 by the Office of the Investigator General at DOI."

Undoubtedly, tools like SET and toolkits like BackBox Linux are invaluable to protect innocent users against such potentially devastating attacks, and I hope you'll enjoy learning more about them as much as I have.

Infos

"Social engineering: The biggest security risk to your business" by Davey Winder, IT Pro , 23 May 2018: https://www.itpro.co.uk/social-engineering/30017/social-engineering-the-biggest-security-risk-to-your-business
BackBox Linux: https://www.backbox.org
Xfce: https://www.xfce.org
Ubuntu PPAs: https://launchpad.net/ubuntu/+ppas
BackBox Linux download: https://www.backbox.org/download
BackBox cloud: https://linux.backbox.org/cloud
BackBox community: https://community.backbox.org
"VirtualBox + Secure Boot + Ubuntu = fail" by ÿyvind Stegard: https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail
"ZAP provides automated security tests in continuous integration pipelines" by Chris Binnie, ADMIN , issue 41, 2017, pg. 58, http://www.admin-magazine.com/Archive/2017/41/ZAP-provides-automated-security-tests-in-continuous-integration-pipelines
Social Engineering Framework: https://www.social-engineer.org/framework/general-discussion/social-engineering-defined
"Using empathy to use people: Emotional intelligence and manipulation" by Jamil Zaki, November 7, 2013: https://blogs.scientificamerican.com/moral-universe/using-empathy-to-use-people-emotional-intelligence-and-manipulation/
Social engineering on Wikipedia: https://en.wikipedia.org/wiki/Social_engineering_(security)#Six_key_principles
Social engineering defined: https://www.social-engineer.org/framework/general-discussion/social-engineering-defined
SET on GitHub: https://github.com/trustedsec/social-engineer-toolkit
Sample attacks: https://www.social-engineer.org/framework/general-discussion/attackers-might-use-social-engineering
DOI Phishing Attack: https://www.meritalk.com/articles/doi-phishing-attack-compromised-8-gmail-accounts

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.

« Previous 1 2 3 4