Monday, October 3, 2011

Social Engineering [from Eden Guide to Hacking >> Active Recon]

Eden Guide To Hacking :
Social Engineering
direct link :  ineering.txt

Most creative non-technical hacker practice known to mankind.
a.) It's Art of Communication with People for 'Information Leakage'.

  • You have a 'Victim' identified by now and wanna collect more and more available information related to them.
  • Not just any relevant information, but sensitive details, that Victim or related people handover to you in confidence.
  • You think like a con-artist, assess weakness of your victim & the possibilities of make-believe for them.
  • Then you come up with an entire scenario to pose yourself a reliable savior for your Victim to be saved; a benefactor.
  • And you will find them revealing such discreet and sensitive information so that they can encash the situation to its max. And let you gather all sensitive information that you can.

b.) Example: "The pretend employee loosing access at critical time"

  • You are a management personnel on client location in middle of a very life-changing deal.
  • You need to get some files from your organization's machine or file-share; but can't access them due to firewall policies on either side.
  • If you can't seal the deal, the failure will take away your job and the person refusing you such crucial-moment help.
  • And there are many chances that you'll get the data fetched from your pretended 'Employee', mailed to you.

c.) Example: "I'm here to check your Network from Agency"

  • You are at home of your Victim when some family member, hopefully not much security aware is in-charge and pose as the Network Guy from the Telecom Agency they use.
  • Offering new organization customer satisfaction mumble-jumble, you try to get access to check health status of network devices installed there, and more computing devices if possible.
  • Now, if the devices are tweakable without any credential request from the family member there... try that first.
  • If it doesn't work and even they don't have access, then pose as attempting the 'Master Password' so they don't inform the Victim.

d.) For ultimate case studies, read "Art of Deception" by "Kevin Mitnick", the most famous Social Engineering Hacker 'known'.