
Persuasion Influence Elicitation clark/courses/... · Information Gathering: learn about target company, people, etc. Web searches, LinkedIn: names of employees, position on org chart


Page 1

Social Engineering Framework

Information Gathering

Pretexting

Influence: Persuasion, Elicitation

Context for studying: prevalent; understand attacks to defend against; jobs: social engineering penetration testing. Most social engineering is illegal or at least unethical.

Information Gathering: learn about target (company, people, etc.)

Web searches, LinkedIn (names of employees, position on org chart), social networking, etc.

Maltego tool, Password Profiling tool

Vacation plans: chain of command in the company changes when people are away

Temporary replacement doesn't know protocols

Page 2

...or people that typically visit

Disruption: construction, emergencies, etc.

Employee interests

Garbage / Dumpster Diving: company data, bills, usernames, passwords, etc.

Pretext: impersonating someone you are not, to get within reach of your target

Page 3

Pretext: become an expert, confident

Script out possible conversations, don't memorize

Lying is cognitively demanding: record the conversation; choose pretexts that require less thinking on their feet

Small details are important: uniform, equipment carried, how the social engineer talks, etc.

Influence: have a specific goal, plan ahead, have contingency plans, have an exit plan

Exploit disruption: people on vacation, construction, etc.

Influence: Elicitation

Get information that shouldn't be disclosed

Page 4

Build a rapport: get the target to like you, express mutual interests

Appeal to the target's ego: purposely misstate a fact; it is human nature to correct you and disclose the real fact

Assumed knowledge: if the social engineer already knows insider information, they are safer to disclose secrets to

Preload: sprinkle the conversation with the topic

Influence: Persuasion

Get the target to do something that requires their authorization

Build rapport, empathy, indebtedness

Ask for a lot and then concede; use emotional manipulation: fear, anger, coercion, anxiety (attackers do it, ethical hackers won't)

Page 5

RSA: the company; flagship product is the RSA token

Login: username, password, 2nd password

Attacker stole this: file with all RSA token sequences

Reduces 2FA to 1FA

Spearphishing attack

Adversary emailed a handful of people in HR: real people who work together, natural recipients

Spoofed From address to look like it was from a real RSA employee

Page 6

2011 Recruitment Plan.xls

Embedded Flash script in Excel file

0-day exploit in Flash compromised machine

Attacker moved laterally through network to the target server (details weren't specified)

Exfiltrated data; more data w/o detection by network monitors

RSA tokens were recalled and re-issued

Example: Bitcoin Exchange Service

Exchange: BTC web service

Server that runs the service

Ottawa datacentre: Granite Networks, Rogers

Page 7

BTC is sitting on the server

Usually split between an online hot wallet and offline cold storage

In this case the hot wallet held 400k worth of Bitcoin

Adversary: web chat support

Pretext: owner of the exchange, ask for virtual access

Convinced support that they were the owner: insider knowledge that the service was hosted by Granite Networks

Support walked to the locker; they rebooted the server into safe mode and plugged a laptop into the server

Adversary stole all the Bitcoin

Page 8
