1
00:00:01,310 --> 00:00:07,970
The basic goals of social engineering are the same as hacking in general: to gain unauthorized access

2
00:00:07,970 --> 00:00:15,260
to systems or collect information in order to commit fraud, network intrusion, industrial espionage,

3
00:00:15,500 --> 00:00:20,780
identity theft, or to simply disrupt the system or network.

4
00:00:22,130 --> 00:00:26,630
You can see different classifications for social engineering attacks here.

5
00:00:26,750 --> 00:00:29,150
We classify these attacks into three groups.

6
00:00:30,310 --> 00:00:36,160
Physical social engineering attacks. In this type of social engineering attack, the attacker tries to

7
00:00:36,160 --> 00:00:42,120
gather information by being physically present in the social engineering environment, if it's possible.

8
00:00:42,400 --> 00:00:48,040
They also observe the people, using their persuasion skills or some tools to collect data.

9
00:00:49,710 --> 00:00:55,860
Social engineering by phone. Calling the victim, the attacker usually tries to collect some critical

10
00:00:55,860 --> 00:00:57,220
information about the victim.

11
00:00:57,660 --> 00:01:04,470
In addition, the attacker can try to deceive the victim into visiting a malicious website or installing a malicious

12
00:01:04,470 --> 00:01:05,960
piece of software as well.

13
00:01:07,070 --> 00:01:09,200
Computer-aided social engineering attacks.

14
00:01:09,770 --> 00:01:14,180
Now, in most cases, this type of social engineering attack is performed as a phishing attack.

15
00:01:14,690 --> 00:01:19,250
Phishing is typically carried out by email spoofs or instant messaging.

16
00:01:19,580 --> 00:01:23,630
It often directs users to enter personal information at a fake website.

17
00:01:23,960 --> 00:01:27,950
Now, the look and feel of that website are identical to the legitimate one.

18
00:01:28,160 --> 00:01:32,720
And the only difference is the URL of the website that they're visiting.
19
00:01:32,990 --> 00:01:37,820
Just like all of the hacking or pen testing types, the steps of the social engineering attacks are

20
00:01:38,540 --> 00:01:42,830
reconnaissance, scanning, exploitation,

21
00:01:43,950 --> 00:01:45,630
and post-exploitation.

22
00:01:46,850 --> 00:01:51,500
In the reconnaissance step, you try to collect everything that will help you to perform a successful

23
00:01:51,500 --> 00:01:51,890
attack.

24
00:01:52,130 --> 00:01:54,860
Here are some examples of the information you collect.

25
00:01:56,760 --> 00:02:03,420
Information about the people who are related to the target company: employees, employers, subcontractors,

26
00:02:03,420 --> 00:02:10,590
shareholders, clients, etc. Security measures of the company, so you can look for evasion techniques.

27
00:02:11,970 --> 00:02:17,910
Which Internet browser is used most, and what is the most common version of that browser? If you know

28
00:02:17,910 --> 00:02:22,200
this, you can prepare your malicious websites to work with that browser.

29
00:02:24,420 --> 00:02:30,240
Like Internet browsers, you had better collect the versions of the programs widely used

30
00:02:30,240 --> 00:02:37,170
inside the company: versions of the Java runtime environment, PDF reader, office tools, etc.

31
00:02:39,200 --> 00:02:44,870
Company-sensitive data: if you know the name of the director of the Human Resources Department, you

32
00:02:44,870 --> 00:02:48,980
can prepare a phishing email as if it was sent by the director.

33
00:02:50,760 --> 00:02:53,130
The exploitation step is the attack time.

34
00:02:54,570 --> 00:02:59,970
Call the victims; if you can, redirect the victims' phones to call you.
35
00:03:01,390 --> 00:03:07,570
Prepare websites to use the vulnerabilities of the browser widely used in the target company and force

36
00:03:07,570 --> 00:03:14,530
the victim to visit the website. Prepare malware and force the victim to open it: send the malware

37
00:03:14,560 --> 00:03:22,570
as an attachment to a phishing email, or in an instant message, or on a promotional CD-ROM distributed in

38
00:03:22,570 --> 00:03:26,560
the company, or on a flash drive given as a gift to the victim.

39
00:03:27,880 --> 00:03:36,070
Post-exploitation is deep diving. The actions of this step are to see how far you can go inside the

40
00:03:36,070 --> 00:03:42,730
company, accessing the most sensitive systems and information, creating backdoors for further use,

41
00:03:42,880 --> 00:03:43,660
etc.

42
00:03:45,030 --> 00:03:51,480
In addition to human weaknesses, system weaknesses are also used in phishing attacks. You can use the

43
00:03:51,480 --> 00:03:58,950
vulnerabilities of web browsers, Java applications, office documents, and web applications to compromise

44
00:03:58,950 --> 00:04:05,520
the target systems, use some realistic scenarios to get the victims to run the malicious software,

45
00:04:05,850 --> 00:04:12,390
or prepare malicious websites and deceive the victims into visiting these websites so you can collect

46
00:04:12,390 --> 00:04:14,640
sensitive data from the victims.

47
00:04:16,930 --> 00:04:23,380
Of course, there will be some security systems used by the target company; you can use some techniques

48
00:04:23,380 --> 00:04:24,850
and tricks to bypass them.

49
00:04:26,490 --> 00:04:34,320
In general, end-user computers of a company are restricted by security systems from reaching ports except

50
00:04:34,320 --> 00:04:43,280
80 and 443; as you know, these two ports are the default ports of HTTP and HTTPS.

51
00:04:43,770 --> 00:04:50,850
For this reason, you should use port 80 or 443 for the connection on the attacker's side.
52
00:04:52,840 --> 00:04:59,440
If the target machine is behind a different private network or the target machine's firewall blocks

53
00:04:59,440 --> 00:05:04,300
incoming connection attempts, then you should consider using a reverse connection.

54
00:05:04,570 --> 00:05:08,800
In a reverse connection, the attacker sets up a listener first on his box.

55
00:05:09,160 --> 00:05:13,210
The target machine acts as a client connecting to that listener.

56
00:05:14,730 --> 00:05:21,630
Security devices can realize there's malware inside the attachments of emails. In this case, try archiving

57
00:05:21,630 --> 00:05:28,080
the files several times and protect that archive with a password. Changing the extension of the file,

58
00:05:28,110 --> 00:05:34,740
for example, taking a .zip file extension and changing it to .zi_,

59
00:05:34,980 --> 00:05:38,730
might be another try to bypass email security measures.

60
00:05:40,380 --> 00:05:47,190
If the email content controller blocks the IP data inside the email body, you might consider using

61
00:05:47,190 --> 00:05:47,490
URL

62
00:05:47,490 --> 00:05:48,660
shorteners.

63
00:05:50,530 --> 00:05:58,380
To bypass intrusion detection and prevention systems (IPS, IDS) and antivirus systems, use custom payloads

64
00:05:58,380 --> 00:06:01,980
instead of existing payloads created by frameworks like Metasploit.

65
00:06:03,520 --> 00:06:07,390
And of course, you should encode the payload before embedding it.