1
00:00:01,310 --> 00:00:07,970
The basic goals of social engineering are the same as hacking in general: to gain unauthorized access

2
00:00:07,970 --> 00:00:11,990
to systems or collect information in order to commit fraud,

3
00:00:12,410 --> 00:00:20,750
network intrusion, industrial espionage, identity theft, or to simply disrupt the system or network.

4
00:00:22,100 --> 00:00:25,760
You can see different classifications for social engineering attacks.

5
00:00:26,180 --> 00:00:29,120
Here we classify these attacks into three groups.

6
00:00:30,310 --> 00:00:36,160
Physical social engineering attacks: in this type of social engineering attack, the attacker tries to

7
00:00:36,160 --> 00:00:40,630
gather information by being physically present in the social engineering environment.

8
00:00:41,230 --> 00:00:47,530
If it's possible, they also observe the people, using their persuasion skills or some tools to collect

9
00:00:47,530 --> 00:00:48,010
data.

10
00:00:49,740 --> 00:00:55,830
Social engineering by phone: calling the victim, the attacker usually tries to collect some critical

11
00:00:55,830 --> 00:00:57,210
information about the victim.

12
00:00:57,660 --> 00:01:04,440
In addition, the attacker can try to deceive the victim into visiting a malicious website or installing a malicious

13
00:01:04,440 --> 00:01:05,940
piece of software as well.

14
00:01:07,040 --> 00:01:12,410
Computer-aided social engineering attacks: now, in most cases, this type of social engineering attack

15
00:01:12,410 --> 00:01:14,180
is performed as a phishing attack.

16
00:01:14,690 --> 00:01:19,220
Phishing is typically carried out by email spoofing or instant messaging.

17
00:01:19,580 --> 00:01:23,600
It often directs users to enter personal information at a fake website.
18
00:01:23,960 --> 00:01:29,540
Now, the look and feel of that website are identical to the legitimate one, and the only difference

19
00:01:29,750 --> 00:01:32,690
is the new URL of the website that they're visiting.

20
00:01:32,960 --> 00:01:37,820
Just like all of the hacking or pen testing types, the steps of the social engineering attacks are

21
00:01:38,540 --> 00:01:42,830
reconnaissance, scanning, exploitation,

22
00:01:43,950 --> 00:01:45,600
and post-exploitation.

23
00:01:46,880 --> 00:01:51,500
In the reconnaissance step, you are trying to collect everything which will help you to perform a successful

24
00:01:51,500 --> 00:01:51,890
attack.

25
00:01:52,160 --> 00:01:54,850
Here are some examples of the information you collect.

26
00:01:56,760 --> 00:02:03,390
Information about the people who are related to the target company: employees, employers, subcontractors,

27
00:02:03,390 --> 00:02:10,560
shareholders, clients, etc. Security measures of the company, so you can look for the evasion techniques.

28
00:02:11,940 --> 00:02:14,190
Which Internet browser is used mostly?

29
00:02:14,310 --> 00:02:17,040
What is the most common version of that browser?

30
00:02:17,280 --> 00:02:22,170
If you know this, you can prepare your malicious websites to work with that browser.

31
00:02:24,390 --> 00:02:30,210
Like Internet browsers, you should also collect the versions of the programs widely used

32
00:02:30,210 --> 00:02:31,260
inside the company.

33
00:02:31,650 --> 00:02:37,140
Versions of the Java Runtime Environment, PDF reader, Office tools, et cetera.

34
00:02:39,200 --> 00:02:44,840
Company-sensitive data: if you know the name of the director of the human resources department, you

35
00:02:44,840 --> 00:02:48,950
can prepare a phishing email as if it was sent by the director.

36
00:02:50,730 --> 00:02:53,100
The exploitation step is the attack time.
37
00:02:54,570 --> 00:02:59,970
Call the victims; if you can, redirect the victims' phones to call you.

38
00:03:01,390 --> 00:03:07,570
Prepare websites to use the vulnerabilities of the browser widely used in the target company and force

39
00:03:07,570 --> 00:03:14,530
the victim to visit the website; prepare malware and force the victim to open it; send the malware

40
00:03:14,530 --> 00:03:22,570
as an attachment to a phishing email, or in an instant message, or on a promotional CD-ROM distributed in

41
00:03:22,570 --> 00:03:26,560
the company, or on a flash drive as a gift to the victim.

42
00:03:27,880 --> 00:03:30,970
Post-exploitation is deep diving.

43
00:03:31,570 --> 00:03:36,580
The actions of this step are to see how far you can go inside the company:

44
00:03:37,060 --> 00:03:40,000
accessing the most sensitive systems and information,

45
00:03:40,270 --> 00:03:43,630
creating backdoors for further use, etc.

46
00:03:45,060 --> 00:03:50,250
In addition to human weakness, system weaknesses are also used in phishing attacks.

47
00:03:50,730 --> 00:03:57,750
You can use the vulnerabilities of web browsers, Java applications, office documents, and web applications

48
00:03:57,870 --> 00:04:04,920
to compromise the target systems; use some realistic scenarios to get the victims to run the malicious

49
00:04:04,920 --> 00:04:12,270
software, or prepare malicious websites and deceive the victim into visiting these websites so you can collect

50
00:04:12,270 --> 00:04:14,610
the sensitive data from the victims.

51
00:04:16,960 --> 00:04:21,370
Of course, there will be some security systems used by the target company.

52
00:04:21,820 --> 00:04:24,820
You can use some techniques and tricks to bypass them.

53
00:04:26,520 --> 00:04:34,260
In general, end-user computers of a company are restricted by security systems from reaching any ports except

54
00:04:34,260 --> 00:04:36,000
80 and 443.
55
00:04:36,510 --> 00:04:43,260
As you know, these two ports are the default ports of HTTP and HTTPS.

56
00:04:43,800 --> 00:04:50,820
For this reason, you should use the ports 80 or 443 for the connection on the attacker's side.

57
00:04:52,840 --> 00:05:00,040
If the target machine is behind a different private network or the target machine's firewall blocks incoming

58
00:05:00,040 --> 00:05:04,300
connection attempts, then you should consider using a reverse connection.

59
00:05:04,570 --> 00:05:08,770
In a reverse connection, the attacker sets up a listener first on his box.

60
00:05:09,130 --> 00:05:13,180
The target machine acts as a client connecting to that listener.

61
00:05:14,760 --> 00:05:21,630
Security devices can realize there's malware inside the attachments of emails. In this case, try archiving

62
00:05:21,630 --> 00:05:28,080
the file several times and protect that archive with a password, changing the extension of the file,

63
00:05:28,090 --> 00:05:28,890
for example.

64
00:05:29,190 --> 00:05:34,740
Let's take a .zip file extension and change it to zip_.

65
00:05:34,980 --> 00:05:38,700
That might be another try to bypass email security measures.

66
00:05:40,380 --> 00:05:47,160
If the email content controller blocks the IP data inside the email body, you might consider using

67
00:05:47,160 --> 00:05:48,630
URL shorteners.

68
00:05:50,550 --> 00:05:58,350
To bypass intrusion detection and prevention systems (IPS, IDS) and anti-virus systems, use custom payloads

69
00:05:58,350 --> 00:06:01,950
instead of existing payloads created by frameworks like Metasploit.

70
00:06:03,520 --> 00:06:07,330
And of course, you should encode the payload before embedding it.