Social engineering is a con game relying on influence, social skills, and human interaction to obtain information about an organization or computer systems. Lisa Bock dives into the Social-Engineer Toolkit (SET), an open-source tool that can create phishing attacks, generate malicious files, or produce a malicious website.
- [Voiceover] Social engineering is a con game relying on influence, social skills, and human interaction, with a goal of obtaining information about an organization or computer systems. The Social-Engineering Toolkit is an open source tool aimed at penetration testing using social engineering. You can download the toolkit or use it within Kali Linux. By using social engineering skills, we can get the victim to click on a link, open a file or go to a malicious website so they can install malware such as a rootkit, spyware, or a keystroke logger.
The Social-Engineering Toolkit provides the tools to build the bait. However, to complete the attack, you'll want to use Metasploit and create the exploit. What's really great is the Social-Engineering Toolkit has an ability to launch an attack that is in one of three main categories, phishing and spear phishing attacks, generating malicious files such as PDFs, Office documents, and executables.
Or create a malicious website, probably one that you've cloned from a legitimate site.
In this course, cybersecurity expert Lisa Bock discusses the methods a hacker might use, including embedding malicious links and attachments in emails and using mobile devices and social media to deploy an attack. She discusses the concept of "misuse of trust"—how hackers use charm, power, and influence to penetrate an organization—and why you need to be extra cautious with the disgruntled employee. Finally, Lisa discusses countermeasures security professionals can take to address these attacks.
Note: This course maps to the Social Engineering competency of the Certified Ethical Hacking exam. Review the exam objectives at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Visualizing the victim
- Recognizing an attack
- Using charm, power, and influence
- Manipulating with social media
- Preventing insider attacks
- Stealing identities
- Pen testing with social engineering
- Taking countermeasures