Spear Social Engineering - Chapter 6, Part 1 PDF

Summary

This document provides an overview of social engineering, focusing on the strategies and tactics used in social engineering attacks. The presentation emphasizes factors such as creating a congruent persona to the target, understanding personality types of potential victims, and preparation for successful social engineering. The target audience is likely security professionals or individuals focused on cyber security.

Full Transcript

Chapter 6: Spear Social Engineering, PART ONE

Introduction

- A well-planned war means that you may lose a battle with a specific individual but still come out victorious.
- You should really ponder the extreme importance of proper reconnaissance.
- When you are analyzing all the data you gathered during the reconnaissance phase, don’t ask yourself “Is this useful?”; ask yourself “How is this useful?” You will find that almost all of the data will in some way help you better craft your social engineering attacks.
- In this chapter, we will start by jumping into social engineering and some of the strategies and tactics that can allow you to take the first step into gaining access to your target organization.

Social Engineering

- The art of social engineering comes from:
  - Understanding
  - Practicing
  - Trusting your gut when executing attacks

The true art of social engineering comes only from learning and putting your knowledge to the test in the real world. Don’t forget for a second that all of the core social engineering concepts (and the “vulnerabilities” we exploit) are deeply rooted in human psychology and evolution.

Social Engineering Strategies

1. Assumptions: Understanding and manipulating individuals based on their assumptions.

2. Do What Works for You:
   a. The most important strategy within social engineering is to know yourself and use tactics and execute attacks that can guarantee your success.
   b. There are many different social engineering tactics and specific attacks, but some of these simply might not be practical for you to execute.

3. Preparation: Key elements when preparing include:
   a. The overall story for your interaction (ex. pretend to be an employee)
   b. The multiple steps or phases in your story (ex. obtain specific names via phishing)
   c. The hoops you wish your target to jump through (ex. requesting a password reset)

   This preparation should also include defining specifics to ensure success, including:
   1. Tactics (tone of email or phone call)
   2. Items (uniform or clothing you will choose)
   3. Actions (name of individual, industry, building appropriate resources)

4. Legitimacy Triggers: One of the most powerful social engineering truths is the power of assumed legitimacy. Legitimacy triggers should be sprinkled throughout all of your social engineering attacks, not just in face-to-face or verbal communications.

   Examples:
   1. Business cards with FBI logo and an appropriate title
   2. An earpiece or walkie-talkie (and I communicate with another “agent”)
   3. A gun holstered on my hip or under my arm
   4. An appropriate nondescript vehicle

5. Keep It Simple, Stupid: One of the core tenets of the APT hacker is KISS: Keep It Simple, Stupid. Keep in mind that many times, the simplest attacks are the ones with the highest success rate.

6. Don’t Get Caught: The core concept here is not simply to avoid getting caught, but to always leave yourself a reasonable explanation or way out of your social engineering stories that will not alert the person being social engineered to your activities. Another way to look at this is your ability to walk away. For example, if a target is refusing to open an email attachment and requests identification, then always have a specific reason, such as that it was not meant to be sent, or that the wrong email was sent to them, etc. In Chapter 9, we will discuss some techniques you can use to gracefully back out of a physical infiltration that fails.

8. Don’t Lie:
   a. If you keep this “Don’t Lie” strategy in mind when designing and executing your social engineering attacks, you will see a measurable increase in your success rate.
   b. It does not mean that you do not lie, but that you say as little untrue information as possible.
   c. Limiting the number of untrue elements in your attack is a critical strategy.
   d. If you must lie, then believe in your lie.
   e. You must be familiar with the subject matter in order to perfect the lie story.

7. Congruent:
   a. Play the part.
   b. You must consider all things for your story and how they will be perceived by your target.
   c. Understand all the details.
   d. The entire concept needs to be executed from the perspective of your target individual.

Social Engineering Tactics

1. Like Likes Like:
   - People tend to be friends with or simply like individuals who are like them.
   - People tend to be less suspicious of and more helpful to people they like.
   - Demonstrate similarity.
   - Match as much about the target individual as possible, including:
     - Voice Tone
     - Their grammar
     - Their greetings
     - Their farewells

2. Personality Types:
   - You must be aware of the most basic personality types to be effective.
   - They can be based on observations, by understanding the types of individuals you are likely to encounter.

3. Friendly:
   a. Friendly people tend to make the best target for a social engineer.
   b. They are a prime target for one reason: they tend to be very trusting of other people, and that means helpful and trustworthy.
   c. If you get a negative response from a friendly personality type, that is a bad thing, and you should probably bow out of that interaction.

4. Worker Bees:
   - Worker bees are easy to spot as well.
   - Avoiding eye contact means a worker bee.
   - They tend to be helpful.

5. Suspicious:
   a. Some people are naturally suspicious of everything.
   b. It is still possible to social engineer these people.
   c. It is not worth the risk of raising any further suspicion.
   d. The trick is to correctly identify whether an individual's questions are token questions.
   e. Their questions might be just token; with the right answer, there is then no issue.

6. Road Blocks:
   a. They take issue with anyone.
   b. This is their modus operandi.
   c. They are rare.
   d. They have authority complexes.
   e. With the right story at the right time, the capability exists.

7. Authorities:
   a. They can be some of the absolute best and easiest targets.
   b. High-level authorities are the CEO types.
   c. CEOs can seem curt or uninterested in things outside of their area of expertise, which makes them easy targets.
   d. Mid-level authorities are more likely managers of departments or specific areas.
   e. They are a more difficult type to social engineer directly, depending on the story.
   f. You should avoid attempting to social engineer them.

8. Events:
   a. Monitoring events of importance to your target, especially during phishing, can be an extremely effective tactic in enticing a response or building trust.
   b. This is a common method used by cyber-criminals when using e-mail phishing.

   Examples:
   1. you just won free tickets to
   2. important requirements for upcoming company picnic
   3. register for a free ticket
   4. you have been nominated for

9. Tell Me What I Know:
   a. Conveying to an individual multiple facts that they are aware of, but that they believe are somewhat private pieces of information, can be a great way to build trust.
   b. Tell the target individual enough information that is specific to them or their organization, or that demonstrates you have the same authorization as them, to build credibility.

10. Inside Information:
    a. Very specific information on the target organization.
    b. You should demonstrate any knowledge that shows you are an insider of the “organizational club”.
    c. You can show that you are an insider by using industry-standard:
       1. Acronyms
       2. Company-specific phrases
       3. Sharing the same information, such as complaints about the same things

11. Name Dropping:
    a. Using the name of someone who is familiar to the target individual.
    b. This will add credibility to your story.

    Example: mentioning the name of the CEO or Head of IT.

    One of the best ways of demonstrating insider information is the age-old practice of name dropping.

The Right Tactic

- Many people get caught up in analyzing all the options for how to approach a specific social engineering task.
- You could spend a year analyzing all of the possible options for how to approach and interact with your target.

Some of the most effective approaches include:

1. Authority: it can be an easy one, by simply stating or referring
2. Supplications: you are simply asking for someone’s help
3. Sympathy: asking for help from someone who is relatively at the same level
4. Sex appeal: flirting can sometimes be great at building rapport and getting someone to comply with your request
5. Greed: appealing to someone by allowing them to believe they may have stumbled onto a unique situation that can allow them to gain an advantage with little effort

Why Don’t You Make Me?

There are two approaches to encourage someone to act quickly:

1. Threaten them
2. Entice them

These two approaches have been a favorite of spammers and con-men for a long time. Spammers, for example, might threaten someone by saying there was a major issue with their taxes and they are facing severe penalties. The target might be instructed to fill out an attached document to avoid costly fines. A person can be enticed by an email saying that they have just won a free cruise or a gift card. These same methods can be useful for the APT hacker.
