social engineering
play

Social Engineering Techniques, Methods, Tools & Mitigation - PowerPoint PPT Presentation

Mar 10, 2023 •220 likes •502 views

Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security Consultant Agenda Social Engineering Methodology Attacks & Techniques Demos Tools of the trade Prevention Methods and Advice

  1. Social Engineering Techniques, Methods, Tools & Mitigation Panagiotis Gkatziroulis, Security Consultant

  2. Agenda • Social Engineering Methodology • Attacks & Techniques • Demos • Tools of the trade • Prevention Methods and Advice

  3. What is Social Engineering?

  4. Invest in Products…

  5. Is Our Security Focus Wrong?

  6. Why Security Fail???

  7. Who Are The Threat Actors? • Aggrieved ex-employees • Internal Employees • Activists • Corporate Espionage • Blackhat Hackers

  8. Who Are The Targets?

  9. It Only Needs One…

  10. Social Engineering Methodology

  11. Social Engineering - Recon Digital • Search Engines • Email Harvesting • DNS Records • Social Medial • Metadata • Public Records Physical • Physical Walk • Dumpster Diving • Tailgate Employees to Lunch Breaks

  12. Social Engineering - Breach • Obtain Domain Credentials via Phishing Attacks • Obtain Network Level Access via Spear Phishing Attacks • Bypass Physical Security Defences and Obtain Corporate Documents

  13. Attack Vectors • Physical • Phishing • Telephone • Shoulder Surfing • Tailgating

  14. Social Engineering Tactics • Impersonation (Spoofed Emails, Telephone Attacks, Scenario-based attacks) • Urgency • Obligation • Authority • Flattering • Fear

  15. Do you recognize the signs?

  16. Do you recognize the signs?

  17. Do you recognize the signs?

  18. NCC Test Case

  19. Why This Attack Was Successful? 1. Trusted Source // IT Helpdesk 2. Promotes Fear // Accounts will be disabled Lesson Learned? Always Validate the Origin of the Information!!!

  20. Tools of The Trade • SET • TheHarvester • Recon-NG • Phishing Frenzy • PwnPlug Devices

  21. Physical to Cyber is Just One Port A way….

  22. Do You See These Stuff Often Internally?

  23. Mitigations • Limit Online Exposure • Email and Web Gateway Solutions (URL Sandboxing etc.) • Anti-tailgating Barriers • Social Engineering Assessments • Increase User Awareness via Trainings • Policies (Escort visitors etc.)

  24. Conclusion • False Sense of Security (PCI DSS, Products etc.) • Management People are Reactive NOT Proactive • Strong Physical && Weak Human == Pwned • Employees Must Feel Safe to Click Any Link Inside Their Company Environment!!!

  25. Any Questions???

  26. Website: trustforum.nccgroup.com Twitter: @NCCTrustForum Email: trustforum@nccgroup.com

  27. UK Offices North American Offices Australian Offices Manchester - Head Office San Francisco Sydney Cheltenham Atlanta Edinburgh New York Leatherhead Seattle London Thame European Offices Amsterdam - Netherlands Munich – Germany Zurich - Switzerland

Recommend

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events

SOCIAL ENGINEERING Jake Johnson Sixto Bernal AGENDA What is social engineering? Current events Social engineering risks Mitigation Strategies Q&A WHAT IS SOCIAL ENGINEERING? The Art of Deception, Kevin Mitnick: "Social

449 views • 19 slides
Social Engineering UDLS September 11, 2015 Neil Newman Social engineering is a non-

Social Engineering UDLS September 11, 2015 Neil Newman Social engineering is a non-

Social Engineering UDLS September 11, 2015 Neil Newman Social engineering is a non- technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security

340 views • 16 slides
AGENDA Introduction and Bio What is Social Engineering? A T alk about Sales? What the

AGENDA Introduction and Bio What is Social Engineering? A T alk about Sales? What the

AGENDA Introduction and Bio What is Social Engineering? A T alk about Sales? What the Hell, you said Social Engineering?!? Profile? Process? Why not both! Defences against Social Engineering The Mystery Security T est

737 views • 50 slides
StealthWare Social Engineering Malware Running malware for Social Engineering and Covert

StealthWare Social Engineering Malware Running malware for Social Engineering and Covert

StealthWare Social Engineering Malware Running malware for Social Engineering and Covert Operations By: Joey Dreijer StealthWare Social Engineering Malware Social Engineering and Covert Operations Introduction Research Security

403 views • 21 slides
The Devil is in the details Social Engineering by means of Social Media B Y D A A N W A G E N A

The Devil is in the details Social Engineering by means of Social Media B Y D A A N W A G E N A

The Devil is in the details Social Engineering by means of Social Media B Y D A A N W A G E N A A R Y A N N I C K S C H E E L E N Introduction Online Social Networks LinkedIn (service data, disclosed data) Facebook

541 views • 51 slides
ECE590 Computer and Information Security Fall 2018 Human Factors and Social Engineering Tyler

ECE590 Computer and Information Security Fall 2018 Human Factors and Social Engineering Tyler

ECE590 Computer and Information Security Fall 2018 Human Factors and Social Engineering Tyler Bletsch Duke University Definition What is non-social engineering? Manipulating objects to achieve an end What is social engineering?

656 views • 19 slides
Computer and Information Security Fall 2020 Human Factors and Social Engineering Tyler Bletsch

Computer and Information Security Fall 2020 Human Factors and Social Engineering Tyler Bletsch

ECE590 Computer and Information Security Fall 2020 Human Factors and Social Engineering Tyler Bletsch Duke University Definition What is non-social engineering? Manipulating objects to achieve an end What is social engineering?

627 views • 21 slides
Computer and Information Security Fall 2019 Human Factors and Social Engineering Tyler Bletsch

Computer and Information Security Fall 2019 Human Factors and Social Engineering Tyler Bletsch

ECE590 Computer and Information Security Fall 2019 Human Factors and Social Engineering Tyler Bletsch Duke University Definition What is non-social engineering? Manipulating objects to achieve an end What is social engineering?

417 views • 19 slides
Social Engineering Fundamentals Exploiting the Human Bugs Anthony C. Zboralski

Social Engineering Fundamentals Exploiting the Human Bugs Anthony C. Zboralski

Social Engineering Fundamentals Exploiting the Human Bugs Anthony C. Zboralski <z@bellua.com> Social Engineering ... the social engineer is able to take advantage of people to obtain information with or without the use of

653 views • 18 slides
What is Social n Information Engineering? n Access to computer system n Revenge 2/15/12

What is Social n Information Engineering? n Access to computer system n Revenge 2/15/12

Thompson Consulting Group, LLC Disclaimer WWW.TgroupOnline.Com This course provides a basic overview of Social Engineering, and is not legal advice. There is no warranty, expressed or implied, in connection with making this program

340 views • 6 slides
Is a social network users behavior unique? 2 1 8/9/14 Has social data made

Is a social network users behavior unique? 2 1 8/9/14 Has social data made

8/9/14 Social Fingerprinting: Identifying Users of Social Networks by their Data Footprint The University of Tennessee Electrical Engineering and Computer Science Dissertation Defense Denise Koessler Gosnell Is a social network

458 views • 31 slides
Cyber Security: Social Engineering Mid-America Technology Alliance Wednesday June 18th, 2015

Cyber Security: Social Engineering Mid-America Technology Alliance Wednesday June 18th, 2015

Cyber Security: Social Engineering Mid-America Technology Alliance Wednesday June 18th, 2015 What is Social Engineering? Social engineering, in the context of information security, is the art of manipulating people so they give up

320 views • 10 slides
The iCloud Hack CMSC 334 Prof Szajda 1 Social Engineering Many of the slide here deal with

The iCloud Hack CMSC 334 Prof Szajda 1 Social Engineering Many of the slide here deal with

The iCloud Hack CMSC 334 Prof Szajda 1 Social Engineering Many of the slide here deal with Social Engineering. Thanks for those slides go to: The late Dr. Yosef Sherif, unknown colleague at UW-Madison, Mathew Sullivan at Iowa State, Tanya

1.25k views • 86 slides
Social Threats and the New Challenges for Requirements Engineering Fabiano Dalpiaz University

Social Threats and the New Challenges for Requirements Engineering Fabiano Dalpiaz University

Social Threats and the New Challenges for Requirements Engineering Fabiano Dalpiaz University of Trento, Italy RESC workshop August 29th, 2011 Outline Social computing: a viewpoint The new wave of social threats New challenges

348 views • 17 slides
Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide Balzarotti, Engin Kirda, Calton Pu Motivations Social Networks have experienced a huge surge in popularity Facebook has more than 500

336 views • 20 slides
Honeybot Your Man in the Middle for Automated Social Engineering Institute Eurecom Tobias

Honeybot Your Man in the Middle for Automated Social Engineering Institute Eurecom Tobias

Honeybot Your Man in the Middle for Automated Social Engineering Institute Eurecom Tobias Lauinger Davide Balzarotti Veikko Pankakoski Engin Kirda Automated Social Engineering iSecLab Institute Eurecom Spambot sending spam

633 views • 12 slides
OPSEC and defense agains social engineering for devels, execs, and sart-ups @KirilsSolovjovs on

OPSEC and defense agains social engineering for devels, execs, and sart-ups @KirilsSolovjovs on

OPSEC and defense agains social engineering for devels, execs, and sart-ups @KirilsSolovjovs on twitter Mg.sc.comp. Kirils Solovjovs http://kirils.org for more Possible Security Contents Problem: Social Engineering concepts

857 views • 23 slides
SOCIAL ENGINEERING FRAUD SO IS IT COVERED? Yo u r s o u r c e f o r p r o f e s s i o

SOCIAL ENGINEERING FRAUD SO IS IT COVERED? Yo u r s o u r c e f o r p r o f e s s i o

SOCIAL ENGINEERING FRAUD SO IS IT COVERED? Yo u r s o u r c e f o r p r o f e s s i o nal l i a b i l i t y e d u cat i on a n d n e t w or k i ng. Presenters Joshua Laycock National Fidelity Product Manager Guarantee

218 views • 17 slides
Social Forensication A Multidisciplinary Approach to Successful Social Engineering Joe Gray,

Social Forensication A Multidisciplinary Approach to Successful Social Engineering Joe Gray,

Social Forensication A Multidisciplinary Approach to Successful Social Engineering Joe Gray, CISSP-ISSMP, GSNA, GCIH, OSWP Hack in Paris 2019 The thoughts and opinions in this presentation do not The thoughts and opinions in this presentation

408 views • 37 slides
Social Engineering CS 334 - Computer Security Thanks to: The late Dr. Yosef Sherif, unknown

Social Engineering CS 334 - Computer Security Thanks to: The late Dr. Yosef Sherif, unknown

Social Engineering CS 334 - Computer Security Thanks to: The late Dr. Yosef Sherif, unknown colleague at UW-Madison, Mathew Sullivan at Iowa State, Tanya L. Crenshaw at U. Portland, various other colleagues and contributors 1 Social

939 views • 67 slides
Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of

Incident Response to Social Engineering Attacks: Domain Hijacking Ramses Martinez Director of Information Security Date: June 22, 2010 Background More and more attacks are exploiting business logic using social engineering attacks. Low

425 views • 15 slides
Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social

Bringing the Fight to Them: Exploring Aggressive Countermeasures to Phishing and other Social Engineering Scams Allen Zhou Comp116 Final Presentation What is Phishing? Social Engineering Steal credentials, data, or money Infect

438 views • 26 slides
SOCIAL ENGINEERING THREATS & COUNTERMEASURES IN AN OVERLY

SOCIAL ENGINEERING THREATS & COUNTERMEASURES IN AN OVERLY

SOCIAL ENGINEERING THREATS & COUNTERMEASURES IN AN OVERLY CONNECTED WORLD SHANE MACDOUGALL TACTICAL INTELLIGENCE INC. About Me InfoSec since 1989

1k views • 79 slides
Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda

Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda

Ray-Ban phishing scams occur a lot on Facebook CS 88S Phishing, Social Engineering, Various malwares Week 3 Frank Chen | Spring 2017 Agenda Review last weeks material Phishing & Social Engineering Various Malwares Spam

774 views • 52 slides

More recommend