Vitali Kremez

Social Engineering and Manipulation

1/25/2016

Course: Dean Pompilio on "Social Engineering and Manipulation" at Cybrary

Social Engineering (SE) Tools:

*Cewl
Use Cewl’s spidering process to generate a word list for password cracking


*Cupp
This tool allows you to generate a list of possible passwords to use in the Dictionary file.

cupp.py -l
cupp.py -

*Creepy
Geolocation tool that locates a target through social networking platforms

*Dradis
SE platform


*Google
[site: edu|org + inurl:"faculty_login.asp | .php"

intitle:"Index Of" intext:"iCloud Photos" OR intext:"My Photo Stream" OR intext:"Camera Roll"
intitle:"Index of" "DCIM"
inurl:"CrazyWWWBoard.cgi" intext:"detailed debugging information"
intitle:"Retina Report" intext:"Confidential Information"]

*Maltego
Data visualization tool

*Recon-NG

show modules
use netcraft
set source [ANY WEBSITE NAME]
show hosts
use recon/hosts-hosts/resolve
run
use discovery/info_disclosure/interesting_files
use recon/domains-hosts/brute_hosts
use ipinfodb
use pgp
del contacts 1-12
use recon/contacts-credentials/pwnedlist
use reporting/html

*Scythe Framework
Account enumerator tool that does account harvesting. 

*Creepy
Geolocates a target by using various social networking platforms to track individuals.

*Shodan
Crawls the Internet and identifies IP addresses that have a service running. Then it does a banner grab of the service that is running, and it saves the banner information. 

Social Engineering Toolkit (SET) [*use TinyURL to obfuscate links]
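
A defender's counterpart to the Cewl and Cupp entries above, as an added example that is not part of the original notes or of either tool: a password-change check that rejects passwords built from words on the organization's own public pages or from the user's personal details. The sample page, the profile and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# One substitution per character; a simplification ("1" can also stand for "l").
LEET = str.maketrans("0134578@$!", "oieastbasi")

class _VisibleText(HTMLParser):
    """Collects page text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def _tokens(text, min_len):
    return {w.lower() for w in re.findall(r"[A-Za-z]+", text) if len(w) >= min_len}

def site_words(html, min_len=5):
    """Words an outsider could spider from a public page."""
    parser = _VisibleText()
    parser.feed(html)
    return _tokens(" ".join(parser.chunks), min_len)

def profile_words(profile, min_len=3):
    """Words taken from a user's personal details (names, pets, ...)."""
    return _tokens(" ".join(profile.values()), min_len)

def guessable_from(password, deny_words):
    """Return the deny-list words hidden inside the password, leetspeak undone."""
    norm = re.sub(r"[^a-z]", "", password.lower().translate(LEET))
    return sorted(w for w in deny_words if w in norm)

# Constructed sample inputs (not from the original page).
SAMPLE_HTML = """<html><head><title>Northwind Logistics</title>
<style>body{color:black}</style></head><body><h1>Welcome to Northwind</h1>
<p>Freight tracking for Rotterdam customers.</p>
<script>var provider = "analytics";</script></body></html>"""
SAMPLE_PROFILE = {"first_name": "Dana", "pet": "Biscuit", "partner": "Lee"}
DENY = site_words(SAMPLE_HTML) | profile_words(SAMPLE_PROFILE)

if __name__ == "__main__":
    for pw in ("N0rthw1nd!2016", "B1scu1t#99", "vK9#qTz!mP2x"):
        print(pw, "->", guessable_from(pw, DENY) or "ok")
```

Short deny-list tokens such as three-letter names match inside unrelated words, so a production check would tune `min_len` against the false-positive rate.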

Exploitation Lifecycle:
*Reconnaissance
*Scanning
*Gaining Access
*Maintaining Access
*Cleaning Tracks

Reconnaissance:
Digital Information Gathering
Network lookups
Traceroutes
Social Engineering?

Scanning
Port Scanning
OS Identification
Social Engineering

Gaining Access
Social Engineering
    Phishing
    Spear-phishing
    Whaling
Watering hole
    Infecting sites well known to victims
USB drop
    Bars & clubs
    Coffee shops
    Universities

Maintaining access
Stealthy, persistent software/hardware implant
Rootkits & backdoors
Adding a firewall exception
Social Engineering?

Covering Tracks
Deleting logs
Disabling auditing
Social engineering

Social Engineering Technique: Interactive Voice Response (IVR)
*Recreate a legitimate-sounding copy of an institution's IVR system
*Prompt victim with phishing email to verify information using fraudulent IVR

Social Engineering Technique: Quid Pro Quo
*Cold call as technical support in hopes of reaching a person with a significant problem
*Victim discloses private information and/or installs malware

Social Engineering Techniques: Targeting
* Information gathering is key
* Make it personal
    Show depth
    Be authentic
    Provide incentive for revealing information