Practical Social Engineering: A Primer for the Ethical Hacker


“You’ll learn:
• How to use Open Source Intelligence tools (OSINT) like Recon-ng and whois
• Strategies for capturing a target’s info from social media, and using it to guess their password
• Phishing techniques like spoofing, squatting, and standing up your own webserver to avoid detection
• How to collect metrics about the success of your attack and report them to clients
• Technical controls and awareness programs to help defend against social engineering

An ethical introduction to social engineering, an attack technique that leverages psychology, deception, and publicly available information to breach the defenses of a human target in order to gain access to an asset. Social engineering is key to the effectiveness of any computer security professional. Social engineering is the art of capitalizing on human psychology to compromise systems, not technical vulnerabilities. It’s an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file in an email, and even less about what an employee may say on a phone call. This book will show you how to take advantage of these ethically sinister techniques so you can better understand what goes into these attacks as well as thwart attempts to gain access by cyber criminals and malicious actors who take advantage of human nature.”

Author(s): Joe Gray
Edition: 1
Publisher: No Starch Press
Year: 2022

Language: English
Pages: 242

Acknowledgments
Introduction
Who This Book Is For
What You’ll Find in This Book
Summary
Part I: The Basics
Chapter 1: What Is Social Engineering?
Important Concepts in Social Engineering
Pretexting
Open Source Intelligence
Phishing
Spear Phishing
Whaling
Vishing
Baiting
Dumpster Diving
Psychological Concepts in Social Engineering
Influence
Manipulation
Rapport
Dr. Cialdini’s Six Principles of Persuasion
Sympathy vs. Empathy
Conclusion
Chapter 2: Ethical Considerations in Social Engineering
Ethical Social Engineering
Establishing Boundaries
Understanding Legal Considerations
Understanding Service Considerations
Debriefing After the Engagement
Case Study: Social Engineering Taken Too Far
Ethical OSINT Collection
Protecting Data
Following Laws and Regulations
Case Study: Ethical Limits of Social Engineering
Conclusion
Part II: Offensive Social Engineering
Chapter 3: Preparing for an Attack
Coordinating with the Client
Scoping
Defining Objectives
Defining Methods
Building Successful Pretexts
Using Specialized Operating Systems for Social Engineering
Following the Attack Phases
Case Study: Why Scoping Matters
Conclusion
Chapter 4: Gathering Business OSINT
Case Study: Why OSINT Matters
Understanding Types of OSINT
Business OSINT
Getting Basic Business Information from Crunchbase
Identifying Website Owners with WHOIS
Collecting OSINT from the Command Line with Recon-ng
Using Other Tools: theHarvester and OSINT Framework
Finding Email Addresses with Hunter
Exploiting Mapping and Geolocation Tools
Conclusion
Chapter 5: Social Media and Public Documents
Analyzing Social Media for OSINT
LinkedIn
Job Boards and Career Sites
Facebook
Instagram
Leveraging Shodan for OSINT
Using Shodan Search Parameters
Searching IP Addresses
Searching Domain Names
Searching Hostnames and Subdomains
Taking Automatic Screenshots with Hunchly
Pilfering SEC Forms
Conclusion
Chapter 6: Gathering OSINT About People
Using OSINT Tools for Analyzing Email Addresses
Finding Out If a User Has Been Breached with Have I Been Pwned
Enumerating Social Media Accounts with Sherlock
Enumerating Website Accounts with WhatsMyName
Analyzing Passwords with Pwdlogy
Analyzing a Target’s Images
Manually Analyzing EXIF Data
Analyzing Images by Using ExifTool
Analyzing Social Media Without Tools
LinkedIn
Instagram
Facebook
Twitter
Case Study: The Dinner That Gave All the Gold Away
Conclusion
Chapter 7: Phishing
Setting Up a Phishing Attack
Setting Up a Secure VPS Instance for Phishing Landing Pages
Choosing an Email Platform
Purchasing Sending and Landing Page Domains
Setting Up the Phishing and Infrastructure Web Server
Additional Steps for Phishing
Using Tracking Pixels to Measure How Often Your Email Is Opened
Automating Phishing with Gophish
Adding HTTPS Support for Phishing Landing Pages
Using URL Shorteners in Phishing
Using SpoofCard for Call Spoofing
Timing and Delivery Considerations
Case Study: The $25 Advanced Persistent Phish
Conclusion
Chapter 8: Cloning a Landing Page
An Example of a Cloned Website
The Login Page
The Sensitive Questions Page
The Error Page
Harvesting the Information
Cloning a Website
Finding the Login and User Pages
Cloning the Pages by Using HTTrack
Altering the Login Field Code
Adding the Web Pages to the Apache Server
Conclusion
Chapter 9: Detection, Measurement, and Reporting
Detection
Measurement
Selection of Metrics
Ratios, Medians, Means, and Standard Deviations
The Number of Times an Email Is Opened
The Number of Clicks
Information Input into Forms
Actions Taken by the Victim
Detection Time
The Timeliness of Corrective Actions
The Success of Corrective Actions
Risk Ratings
Reporting
Knowing When to Make a Phone Call
Writing the Report
Conclusion
Part III: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Awareness Programs
How and When to Train
Nonpunitive Policies
Incentives for Good Behavior
Running Phishing Campaigns
Reputation and OSINT Monitoring
Implementing a Monitoring Program
Outsourcing
Incident Response
The SANS Incident Response Process
Responding to Phishing
Responding to Vishing
Responding to OSINT Collection
Handling Media Attention
How Users Should Report Incidents
Technical Controls and Containment
Conclusion
Chapter 11: Technical Email Controls
Standards
“From” Fields
Domain Keys Identified Mail
Sender Policy Framework
Domain-Based Message Authentication, Reporting, and Conformance
Opportunistic TLS
MTA-STS
TLS-RPT
Email Filtering Technologies
Other Protections
Conclusion
Chapter 12: Producing Threat Intelligence
Using Alien Labs OTX
Analyzing a Phishing Email in OTX
Creating a Pulse
Analyzing the Email Source
Inputting Indicators
Testing a Potentially Malicious Domain in Burp
Analyzing Downloadable Files
Conducting OSINT for Threat Intelligence
Searching VirusTotal
Identifying Malicious Sites on WHOIS
Discovering Phishes with PhishTank
Browsing ThreatCrowd
Consolidating Information in ThreatMiner
Conclusion
Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information-Gathering Worksheet
Appendix D: Pretexting Sample
Confused Employee
IT Inventory
Transparency Survey
Appendix E: Exercises to Improve Your Social Engineering
Help a Random Stranger and Then Prompt for “Flags”
Improv
Standup Comedy
Public Speaking/Toastmasters
Do OSINT Operations on Family and Friends
Compete in Social Engineering and OSINT CTFs
Index