Social Engineering Framework
Information Gathering
Pretexting
Influence: Persuasion, Elicitation
Context for studying: social engineering is prevalent; understanding the attacks is necessary to defend against them; jobs exist in social engineering penetration testing. Most social engineering is illegal or at least unethical.
Information Gathering: learn about the target company, its people, etc.
Web searches, LinkedIn, names of employees, position on the organization chart, social networking, etc.
Tools: Maltego, password profiling tools
Vacation plans: the chain of command in the company changes when people are away; a temporary replacement does not know the protocols or the people that typically visit
Disruption: construction, emergencies, etc.
Employee interests
Garbage / dumpster diving: company data, bills, usernames and passwords, etc.
Pretext: impersonating someone you are not, to get within reach of your target
The pretext: become an expert, be confident; script out possible conversations, but don't memorize them; lying is cognitively demanding, so record the conversation and choose pretexts that require less thinking on your feet
Small details are important: uniform, equipment carried, how the social engineer talks, etc.
Influence: have a specific goal, plan ahead, have contingency plans, have an exit plan; exploit disruption (people on vacation, construction, etc.)
Influence: Elicitation
Get information that shouldn't be disclosed
Build a rapport: get the target to like you, express mutual interests, appeal to the target's ego
Purposely misstate a fact: it is human nature to correct you and disclose the real fact
Assumed knowledge: if the social engineer already knows insider information, they seem safer to disclose secrets to
Preload: sprinkle the conversation with the topic
Influence: Persuasion
Get the target to do something that requires their authorization
Build rapport, empathy, indebtedness
Ask for a lot and then concede; use emotional manipulation (fear, anger, coercion, anxiety): attackers do it, ethical hackers won't
RSA: the company; its flagship product is the RSA token
Login: username, password, plus a second password (the token code)
The attacker stole the file with all the RSA token sequences, which reduces the 2FA to 1FA
Spear-phishing attack
The adversary emailed a handful of people in HR: real people who work together, so natural recipients
Spoofed From address to look like it was from a real RSA employee
Attachment: "2011 Recruitment Plan.xls", an Excel file with an embedded Flash script
A 0-day exploit in Flash compromised the machine
The attacker moved laterally through the network to the target server (details weren't specified)
Exfiltrated data; more data went out without detection by the network monitors
RSA tokens were recalled and re-issued
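The spoofed From address above is the kind of thing a mail gateway or analyst can flag by checking whether the visible From: domain is backed by the envelope sender and the DKIM signing domain (the alignment DMARC is built on). The following is an added example, not part of these notes or of RSA's tooling; the domains and headers are constructed placeholders, and the DKIM d= tag is only meaningful once the signature itself has been verified, which this snippet does not do.

```python
import email
from email.utils import parseaddr

# Constructed sample headers (placeholder domains), modelled on the spear-phish
# above: the visible From: claims the company domain, but the envelope sender
# and the DKIM signing domain belong to the attacker's mailer.
SPOOFED = """Return-Path: <bounce@mailer.attacker.example>
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.attacker.example; s=sel;
 h=from:to:subject; bh=placeholder; b=placeholder
From: "HR Recruiting" <hr.recruiting@corp.example>
Subject: 2011 Recruitment Plan
"""

# Constructed legitimate message: envelope sender and signer match From:.
LEGIT = """Return-Path: <hr.recruiting@corp.example>
DKIM-Signature: v=1; a=rsa-sha256; d=corp.example; s=sel; h=from:to:subject;
 bh=placeholder; b=placeholder
From: "HR Recruiting" <hr.recruiting@corp.example>
Subject: Team lunch
"""

def _domain(header_value):
    """Lower-cased domain of the first address in a header value, '' if none."""
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()

def check_from_alignment(raw_message):
    """Compare the From: domain with Return-Path and the DKIM d= signing domain."""
    msg = email.message_from_string(raw_message)
    from_dom = _domain(msg.get("From", ""))
    rp_dom = _domain(msg.get("Return-Path", ""))
    # Unfold the (possibly multi-line) signature header before reading its tags.
    dkim = (msg.get("DKIM-Signature") or "").replace("\r", "").replace("\n", "")
    dkim_dom = ""
    for tag in dkim.split(";"):
        key, _, value = tag.strip().partition("=")
        if key.strip() == "d":
            dkim_dom = value.strip().lower()
    return {
        "from_domain": from_dom,
        "return_path_aligned": bool(rp_dom) and rp_dom == from_dom,
        "dkim_aligned": bool(dkim_dom) and dkim_dom == from_dom,
    }

def is_spoof_suspect(raw_message):
    """True when neither the envelope sender nor a DKIM signer backs the From: domain."""
    result = check_from_alignment(raw_message)
    return not (result["return_path_aligned"] or result["dkim_aligned"])
```

A gateway would combine this with SPF and DKIM signature verification and with the sending domain's published DMARC policy; alignment alone only tells you the visible sender is unsupported by the infrastructure that delivered the mail.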
Bitcoin exchange service
The exchange ran as a BTC web service on a server in an Ottawa datacentre (Granite Networks, Rogers)
The BTC is sitting on the server; it is usually split between an online hot wallet and offline cold storage; in this case the hot wallet held 400k worth of Bitcoin
Adversary: contacted web chat support with the pretext of being the owner of the exchange and asked for virtual access
Convinced support that they were the owner using insider knowledge that the service was hosted by Granite Networks
Support walked to the locker, rebooted the server into safe mode and plugged a laptop into the server
The adversary stole all the Bitcoin