- [ Certified Ethical Hacker v10 ] :: [ TOC ]
- [ Certified Ethical Hacker v10 ] :: [ Syllabus ]
- [ Certified Ethical Hacker v10 ] :: [ Chapters 1 & 2 ] :: Footprinting and Reconnaissance
- [ Certified Ethical Hacker v10 ] :: [ Chapter 3 ] :: Scanning
- [ Certified Ethical Hacker v10 ] :: [ Chapter 3 cont’d ] :: Enumeration
- [ Certified Ethical Hacker v10 ] :: [ Chapter 3 cont’d ] :: Vulnerability Analysis
- [ Certified Ethical Hacker v10 ] :: [ Chapter 4 ] :: Sniffing, Evasion and Packet Analysis
- [ Certified Ethical Hacker v10 ] :: [ Chapter 5 ] :: System Hacking
- [ Certified Ethical Hacker v10 ] :: [ Chapter 5 cont’d] :: Hash Cracking
- [ Certified Ethical Hacker v10 ] :: [ Chapter 6 ] :: Web Servers and Applications
- [ Certified Ethical Hacker v10 ] :: [ Chapter 6 cont’d] :: SQL Injection
- [ Certified Ethical Hacker v10 ] :: [ Chapter 6 cont’d] :: sqlmap
- [ Certified Ethical Hacker v10 ] :: [ Chapter 6 cont’d] :: Burp Suite
- [ Certified Ethical Hacker v10 ] :: [ Chapter 7 ] :: WiFi Hacking
- [ Certified Ethical Hacker v10 ] :: [ Chapter 8 ] :: Hacking Mobile Devices
- [ Certified Ethical Hacker v10 ] :: [ Chapter 8 cont’d ] :: Hacking the Internet of Things
- [ Certified Ethical Hacker v10 ] :: [ Chapter 9 ] :: Hacking in the Cloud
- [ Certified Ethical Hacker v10 ] :: [ Chapter 10 ] :: Trojans, Backdoors, Viruses and Worms
- [ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Denial of Service
- [ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Buffer Overflow
- [ Certified Ethical Hacker v10 ] :: [ Chapter 10 cont’d] :: Session Hijacking
- [ Certified Ethical Hacker v10 ] :: [ Chapter 11 ] :: Cryptography
- [ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Social Engineering
- [ Certified Ethical Hacker v10 ] :: [ Chapter 12 ] :: Physical Security
- [ Certified Ethical Hacker v10 ] :: [ Chapter 13 ] :: Pen Testing Methodology
- [ CEH Training ] :: [ Day 7 ]
- Using the GNU Debugger: John Hammond
- [ Review ] :: EC-Council’s iLabs Platform
- [ Certified Ethical Hacker v10 ] :: Using ngrok to Set a Trap From Inside NAT
- [ Certified Ethical Hacker v10 ] :: [ Practical ] :: Become a CEH Master
Social Engineering
Social engineering falls into the category of non-technical attacks. Quite bluntly, you’re not likely to see much or any of this on the CEH exam, other than the phishing topics. So we’ll give you targeted lists of words to recognize and topics to know.
Vocabulary
“Rebecca” and “Jessica” are the stereotype names for potential victims.
Fake AV
Rogue Security (a fake AV)
What is the Weakest Link
The user. Always the freakin’ user.
Which User Is Most Dangerous?
This is insider vs. outsider, and the insider is always deadlier.
EC-Council’s Steps of Social Engineering
- Research (the usual Reconnaissance steps)
- Select a victim
- Develop a relationship
- Exploit it
Why Social Engineering Works
- Human nature: our inborn instincts to trust and assist
- Ignorance that SE even happens
- Fear of failing to properly serve (customers or clients)
- Greed: we respond instantly to rewards
- Moral obligation: how we’ve been trained to behave
Techniques
- Shoulder surfing
- Dumpster diving
- Tailgating
- Piggybacking
- Eavesdropping
- Impersonation (pretexting)
- Phishing
Phishing
Phishing
Spear phishing
Whaling
Pharming (redirection of web traffic)
Spimming (over IM)
Phishing Prevention
Netcraft Toolbar
PhishTank Toolbar
Sign-in seals
Mobile-Based Attacks
Malicious apps in app stores
Repackaged legitimate apps
Fake security apps (fake AV)
SMS “Smishing” – an IM to call a phone number
Watch a Pro in Action
SET (the Social Engineering Toolkit) is Included in Kali
Loi Liang Yang demonstrates credential harvesting:
And phishing:
https://www.youtube.com/watch?v=sZ8jlQPhbLU
Cybrary’s Free YouTube Course
BeEF Makes Things Simple
The Browser Exploitation Framework consists of a simple web server and a terminal-based tool that supplies you with an example link. There’s nothing else to do but email your best friend a harmless link back to your BeEF server.
https://github.com/beefproject/beef/wiki/Configuration
Check out the NullByte video, and especially note the link to a full tutorial in the Description: