Guarding against social engineering attacks

Persuasion

It Ends Here

The Social-Engineer Toolkit has simply too many facets to cover here. If you keep rummaging, you'll find WiFi tools for wireless monitoring, testing, cracking, and attacking, and I haven't even mentioned the menu options provided to update the SET software directly.

The long list of included tools and options is impressive and varied in both BackBox Linux and SET, so I'd fully encourage you to investigate both for yourself.

For SET, in particular, especially if you're new to social engineering, I would recommend reading through some of the comprehensive website content provided by SEF, which includes podcasts, a blog, book recommendations, and notifications about events, among other guidance. A list of example attacks [15] got me thinking about the effectiveness of social engineering.

Consider for a moment a real-life occurrence of one of the examples [16] listed on that page: "A phishing attack in January 2016 gave hackers illegal access to the Department of Interior network through remote logins on at least eight Gmail accounts, according to a report released May 24 by the Office of the Investigator General at DOI."

Undoubtedly, tools like SET and toolkits like BackBox Linux are invaluable to protect innocent users against such potentially devastating attacks, and I hope you'll enjoy learning more about them as much as I have.

Infos

  1. "Social engineering: The biggest security risk to your business" by Davey Winder, IT Pro , 23 May 2018: https://www.itpro.co.uk/social-engineering/30017/social-engineering-the-biggest-security-risk-to-your-business
  2. BackBox Linux: https://www.backbox.org
  3. Xfce: https://www.xfce.org
  4. Ubuntu PPAs: https://launchpad.net/ubuntu/+ppas
  5. BackBox Linux download: https://www.backbox.org/download
  6. BackBox cloud: https://linux.backbox.org/cloud
  7. BackBox community: https://community.backbox.org
  8. "VirtualBox + Secure Boot + Ubuntu = fail" by ÿyvind Stegard: https://stegard.net/2016/10/virtualbox-secure-boot-ubuntu-fail
  9. "ZAP provides automated security tests in continuous integration pipelines" by Chris Binnie, ADMIN , issue 41, 2017, pg. 58, http://www.admin-magazine.com/Archive/2017/41/ZAP-provides-automated-security-tests-in-continuous-integration-pipelines
  10. Social Engineering Framework: https://www.social-engineer.org/framework/general-discussion/social-engineering-defined
  11. "Using empathy to use people: Emotional intelligence and manipulation" by Jamil Zaki, November 7, 2013: https://blogs.scientificamerican.com/moral-universe/using-empathy-to-use-people-emotional-intelligence-and-manipulation/
  12. Social engineering on Wikipedia: https://en.wikipedia.org/wiki/Social_engineering_(security)#Six_key_principles
  13. Social engineering defined: https://www.social-engineer.org/framework/general-discussion/social-engineering-defined
  14. SET on GitHub: https://github.com/trustedsec/social-engineer-toolkit
  15. Sample attacks: https://www.social-engineer.org/framework/general-discussion/attackers-might-use-social-engineering
  16. DOI Phishing Attack: https://www.meritalk.com/articles/doi-phishing-attack-compromised-8-gmail-accounts

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus