begood

Social Engineering Framework


Information on and about Social Engineering

PART I: GENERAL DISCUSSION

I. Social Engineering Defined
II. Categories of Social Engineers

A. Hackers
B. Penetration Testers
C. Spies or Espionage
D. Identity Thieves
E. Disgruntled Employees
F. Information Brokers
G. Scam Artists
H. Executive Recruiters
I. Sales People
J. Governments
K. Everyday People

III. Why Attackers Might Use Social Engineering
IV. Typical Goals
V. The Attack Cycle
VI. Common Attacks

A. Customer Service
B. Tech Support
C. Delivery Person
D. Phone

VII. Real World Examples

A. Con Men
B. Phishing
C. Politicians
D. Crime Victims

PART II: INFORMATION GATHERING

I. How to Gather Information

A. Research
B. Dumpster Diving

II. Sources

A. Traditional
B. Non-Traditional

III. Communication Models

PART III: ELICITATION

I. Definition
II. Goals
III. Preloading
IV. Becoming a Successful Elicitor

PART IV: PRETEXTING

I. Definition
II. Principles and Planning
III. Successful Pretexting

PART V: PSYCHOLOGICAL PRINCIPLES

I. Modes of Thinking
II. Eye Cues
III. Micro-Expressions
IV. Neuro-Linguistic Programming (NLP)

A. Voice in NLP

V. The Human Buffer Overflow
VI. Interview and Interrogation
VII. Instant Rapport

PART VI: INFLUENCING OTHERS

I. Influence Tactics

A. Reciprocation

1. Obligation
2. Concession

B. Scarcity
C. Authority
D. Commitment and Consistency
E. Liking
F. Consensus or Social Proof

II. Framing
III. Manipulation of Incentives

PART VII: SOCIAL ENGINEERING TOOLS

I. Physical

A. Lock Picking and Shims
B. Cameras
C. GPS Tracker
D. Pen Recorder

II. Computer Based

A. Maltego
B. Maltego Mesh
C. Social Engineer Toolkit (SET)
D. Common User Passwords Profiler (CUPP)
E. Who's Your Daddy Password Profiler (WYD)

III. Phone

A. Caller ID Spoofing

Computer Based Social Engineering Tools: Social Engineer Toolkit (SET)

The Social-Engineering Toolkit (SET) is a Python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. Its main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack. One is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering.

Podcast: http://www.social-engineer.org/framework/Podcast

Episode 001 - Interrogation and Interview Tactics - Released - 05 Oct 2009

Episode 002 - Pretexting - Not Just For Social Engineers - Released - 09 Nov 2009

Episode 003 - Framing - Alter the Reality Frame - Released - 14 Dec 2009

Episode 004 - NLP, SE and Manipulation Secrets Revealed - Released - 11 Jan 2010

Episode 005 - Exclusive Interview with the BackTrack 4 Development Team - Released - 18 Jan 2010

Episode 006 - Using the Information Gathered as a Social Engineer - Released - 08 Feb 2010


Edited by begood
