social engineering techniques
DESCRIPTION
Social Engineering Techniques. Will Vandevanter, Senior Security Consultant Danielle Sermer, Business Development Manager. Agenda. Rapid7 Company Overview and Learning Objectives. 1. Social Engineering Techniques. 2. Summary and Q&A. 3. Rapid7 Corporate Profile. Company - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/1.jpg)
Social Engineering Techniques
Will Vandevanter, Senior Security ConsultantDanielle Sermer, Business Development Manager
1
![Page 2: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/2.jpg)
2
Agenda
Rapid7 Company Overview and Learning Objectives 1
Social Engineering Techniques 2
Summary and Q&A 3
![Page 3: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/3.jpg)
Rapid7 Corporate Profile
Company • Headquarters: Boston, MA• Founded 2000, Commercial Launch 2004• 110+ Employees• Funded by Bain Capital (Aug. 08) - $9M• Acquired Metasploit in Oct. 09Solutions• Unified Vulnerability Management Products• Penetration Testing Products• Professional ServicesCustomers• 1,000+ Customers• SMB, Enterprise• Community of 65,000+Partners• MSSPs• Security Consultants• Technology Partners• Resellers
#1 Fastest growing company for Vuln. Mgmt
#1 Fastest growing software company in Mass.
#7 Fastest growing security company in U.S.
#15 Fastest growing software company in U.S.
Organizations use Rapid7 to Detect Risk, Mitigate Threats and Ensure
Compliance
![Page 4: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/4.jpg)
Social Engineering Techniques
4
![Page 5: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/5.jpg)
5
• Penetration Tester and Security Researcher
• Web Application Assessments, Internal Penetration Testing, and Social Engineering
• Disclosures on SAP, Axis2, and open source products
• Twitter: @willis__• will __AT__ rapid7.com
Will Vandevanter
![Page 6: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/6.jpg)
6
Social Engineering Definition
“The act of manipulating people into performing actions or divulging confidential information..”
Wikipedia (also sourced on social-engineer.org)
![Page 7: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/7.jpg)
7
• The act of manipulating the human element in order to achieve a goal.
• This is not a new idea.
Social Engineering Definition Revisited
![Page 8: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/8.jpg)
8
Visualizing the Enterprise
![Page 9: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/9.jpg)
9
• The primary objective of all assessments is to demonstrate risk
• ‘Hack Me’ or ‘We just want to know if we are secure’ is not specific enough
• How do I know what is the most important to the business?
Goal Orientated Penetration Testing
![Page 10: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/10.jpg)
10
• To achieve the goals for the assessment
• To test policies and technologies
How We Use Social Engineering
![Page 11: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/11.jpg)
11
1. Information Gathering2. Elicitation and Pretexting3. The Payload4. Post Exploitation5. Covering your tracks
Commonalities
![Page 12: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/12.jpg)
Electronic Social Engineering
12
![Page 13: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/13.jpg)
13
• White Box vs. Black Box vs. Grey Box• Know Your Target• Gather Your User List
– Email Address Scheming– Document meta-data– Google Dorks– Hoovers, Lead411, LinkedIn, Spoke, Facebook
• Verify Your User List• Test Your Payload
Information Gathering
![Page 14: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/14.jpg)
14
• Goal : To obtain user credentials without tipping off the user
• Identify a user login page– Outlook Web Access– Corporate or Human
Resources Login Page• Information Gathering is
vital
Template 1 – The Fear Factor
![Page 15: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/15.jpg)
15
Pretexting
![Page 16: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/16.jpg)
16
The Payload
![Page 17: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/17.jpg)
17
Post Exploitation
![Page 18: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/18.jpg)
18
How Effective Is it
• Incredibly Successful• Case Study
– Mid December 2010– 80 e-mails sent to various offices and levels of users– 41 users submitted their credentials
• Success varies on certain factors– Centralized vs. Decentralized Locations– Help Desk and internal communication process– Number of e-mails sent– Time of the day and day of the week matter
![Page 19: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/19.jpg)
19
• Do your users know who contact if they receive an e-mail like this?
• How well is User Awareness Training working?
• How well is compromise detection working?
• Are your mail filters protecting your users?
Controls and Policy
![Page 20: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/20.jpg)
20
• Goal: To have a user run an executable providing internal access to the network.
• Information Gathering:– Egress filtering rules– Mail filters– AV
Template 2 – Security Patch
![Page 21: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/21.jpg)
21
Pretexting
![Page 22: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/22.jpg)
22
• Meterpreter Executable
• Internal Pivot
The Payload
![Page 23: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/23.jpg)
23
Post Exploitation
![Page 24: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/24.jpg)
24
• Highly Dependent on a high number of factors• Atleast 5-10% of users will run it• Case Study
– July 2010– ~70 users targeted– 12 Connect backs made
• Success Varies on Many Factors– Egress Filtering– Mail Server Filters– Server and endpoint AV
How Effective Is It?
![Page 25: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/25.jpg)
25
• Do your users know who contact if they receive an e-mail like this?
• How well is User Awareness Training working?
• How well is compromise detection working?
• Are your mail filters protecting your users?• Technical Controls
Controls and Policy
![Page 26: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/26.jpg)
26
• Information Gathering– Maltego– Shodan– Hoovers, Lead411, LinkedIn
• Social Engineering Toolkit (SET)• Social Engineering Framework (SEF) • Metasploit
Tools of The Trade
![Page 27: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/27.jpg)
Physical Social Engineering
27
![Page 28: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/28.jpg)
28
Information Gathering
“If you know the enemy and know yourself you need not fear the results of a hundred battles.”
-Sun Tzu
![Page 29: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/29.jpg)
29
• White Box vs. Black Box vs. Grey Box• Know Your Target• Pretexting is highly important
Information Gathering
![Page 30: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/30.jpg)
30
• Props or other utilities to create the ‘reality’
• Keep the payload and the goal in mind
• Information Gathering is key
Pretexting
![Page 31: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/31.jpg)
31
• Goal: To have a user either insert a USB drive or run a file on the USB drive
• Start with no legitimate access to the building
• Getting it in there is the hard part
Template 1 – Removable Media
![Page 32: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/32.jpg)
32
• The Parking Lot• Inside of an Envelope• Empathy• Bike Messenger, Painter, etc.
Pretexting USB Drives
![Page 33: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/33.jpg)
33
• AutoRun an executable• Malicious PDF • Malicious Word Documents
Payload
![Page 34: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/34.jpg)
34
Post Exploitation
![Page 35: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/35.jpg)
35
• What are the restrictions on portable media?
• Was I able to bypass a control to gain access to the building?
• Technical Controls
Controls and Policies
![Page 36: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/36.jpg)
36
• Goal: “Paul” needed to obtain access to the server room at a credit union
• The room itself is locked and accessible via key card only.
• Information Gathering• Pretexting
Case Study - The Credit Union Heist
![Page 37: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/37.jpg)
37
• RFID card reader and spoofer
• Pocket Router • SpoofApp• Lock Picking Tools• Uniforms
Gadgets
![Page 38: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/38.jpg)
38
• Protecting against Social Engineering is extremely difficult
• User Awareness training has it’s place
• Regularly test your users• Metrics are absolutely
critical to success• During an assessment
much of it can be about luck
Closing Thoughts
![Page 39: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/39.jpg)
39
• www.social-engineer.org• “The Strategems of Social Engineering” – Jayson Street,
DefCon 18• “Open Source Information Gathering” – Chris Gates,
Brucon 2009• Security Metrics: Replacing Fear, Uncertainty, and Doubt –
Andrew Jaquith
Resources
![Page 40: Social Engineering Techniques](https://reader034.vdocuments.site/reader034/viewer/2022051317/568167e2550346895ddd4925/html5/thumbnails/40.jpg)
40
Questions or Comments