Building on the social engineering discussion from the previous video, Jerod provides you with a demo of the Social-Engineer Toolkit. In this demo, Jerod shows you how to clone a website, comparing the original to the clone. He also discusses how you can use this functionality to harvest user credentials during your next penetration test.
- [Instructor] In Kali Linux, I'd like to use the Social Engineer's Toolkit to clone a website. If you were to use this during an actual security assessment, you might use this to gauge an organization's employees' security awareness. Do they know how to detect a fake website? Using the OWASP Vulnerable Web Applications Directory Project again, let's take one of the online applications. Toward the bottom of the list, you'll find one called Security Tweets from the vendor Acunetix, one of the web application security vendors I mentioned earlier.
When we navigate to that URL, testhtml5.vulnweb.com, we can see what this deliberately vulnerable website looks like. In the upper right-hand corner, you'll notice a Login button. That's exactly the kind of information we're going after here. So let's use Social-Engineer's Toolkit, see what we can do. Under Applications, Social Engineering Tools, SET is the second entry from the bottom.
Click on that. Once SET loads, I'd like you to enter option one, Social-Engineering Attacks,…
Note: This course aligns with the National Institute of Standards and Technology (NIST) special publication on information security testing (SP 800-115).
- Identifying the five major types of security assessments
- Defining the security assessment life cycle
- Setting up your testing environment
- Planning a security assessment
- Reviewing documentation, logs, and more
- Identifying test targets
- Testing for password and other security vulnerabilities
- Drafting and delivering your report
Skill Level Beginner
What you should know (1m 49s)
1. Understanding Security Assessments
2. Your Testing Environment
3. Planning Your Assessment
4. Review Techniques
5. Identifying Your Targets
6. Vulnerability Validation
7. Additional Considerations
Next steps (3m 39s)