roberto salgado wolf sheeps clothing · brief history of s.e - examples! adam & eve - 4000-6000...
TRANSCRIPT
![Page 1: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/1.jpg)
Social Engineering
A Wolf in Sheep’s Clothing
![Page 2: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/2.jpg)
![Page 3: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/3.jpg)
Roberto Salgadou Programmer / Security Researcher / Pentester
u Co-founder of Websec
u Websec = Information Security Solutions
u Pen-testing, training, monitoring, etc…
Contact Infou @LightOS
u http://www.websec.ca
![Page 4: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/4.jpg)
Overviewu What is Social Engineering?
u Definition
u Brief History
u Trending Topic
u The Evolution of S.E.
u Different Forms of S.E.
u How is Social Engineering Performed?
u Performing OSINT (Open-source Intelligence)
u Selecting a Delivery Method for Payload
u Creating a Command & Control Center
u Making Payload FUD (Fully UnDetectable)
u Live Demo
u How to Defend Against Social Engineering?
![Page 5: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/5.jpg)
Social EngineeringWhat is it?
![Page 6: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/6.jpg)
Definition
u S.E. is an attack vector which involves tricking the human element into breaking security procedures.
u Generally requires very little to NO technological or security knowledge. The very strongest security can be overcome by a clever social engineer.
u Comes in many shapes, forms & colors.
u ALL of us have been victims of it at some point throughout our lives. Affects both end-users and businesses.
![Page 7: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/7.jpg)
Brief History of S.E
u Doesn’t have a defined starting moment.
u Has probably been around since the beginning of humanity.
u Countless examples of S.E. throughout history.
![Page 8: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/8.jpg)
Brief History of S.E - Examplesu Adam & Eve - 4000-6000 BC
u The Trojan Horse - 1188 BC
u George Parker – Early 1900s
u Charles Ponzi – 1920s
u Victor Lustig (“The man who sold the Eiffel Tower”) – 1925
u Frank Abagnale (Catch Me If You Can) – 1960s
u Kevin Mitnick – Around 1980-1995
u Thomas Katona (treasurer of Alcona County, Michigan) – 2007
u Bernie Madoff - 2008
u RSA SecurID Breach – 2011
u AP Twitter Hacked – 2013
u Target (HVAC contractor) - 2013
![Page 9: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/9.jpg)
Brief History of S.E – Personal Examplesu Myself (Gypsies) – 2003?
u Close Friend - 2013
u My Roommate – 2015
u ?
![Page 10: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/10.jpg)
#SocialEngineering is Trending…
![Page 11: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/11.jpg)
The Evolution of S.E.u S.E. is no longer confined to the physical realm.
u Technology has made some fraud more difficult to commit, however it's created all sorts of new opportunities for adaptable fraudsters.
u Nigerian phishing scams still work, however not as well as before.
u Attackers have gotten more clever with their techniques.
![Page 12: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/12.jpg)
The Evolution of S.E.u Receiving an EXE file via e-mail is a thing of the past.
u Ever suspect that an Office document (Word, PowerPoint, Excel) could hack you?
u Heard of HTA? Supported by Windows since 1999.
u Like EXE, but currently undetectable by AV and can run PowerShell
u Unicode magic!
![Page 13: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/13.jpg)
Unicode Magic!
uLeft-To-Right Override
u+U202D
uRight-To-Left Override
u+U202E
![Page 14: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/14.jpg)
Live Demo!
![Page 15: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/15.jpg)
![Page 16: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/16.jpg)
Different forms of S.E.
u Baiting
u Phishing
u Pretexting
u Tailgating
u Quid Pro Quo
u Shoulder Surfing
u Dumpster Diving
![Page 17: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/17.jpg)
Baiting
u Refers to leaving “bait” for the target to pick up, relying on the curiosity or greed of the person being targeted.
u The Trojan Horse is one of the greatest mythological examples of baiting.
u Modern day example is throwing USBs “Executive Salary Summary Q1 2016”.
u Free Music/Movies for downloading a “game” or providing personal info on a form.
![Page 18: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/18.jpg)
![Page 19: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/19.jpg)
Baiting
u Send Secretary a bouquet of USB flowers.
u Pretend to be from romantic lover/admirer.
u Curiosity will inevitably lead to the USB flower been plugged in.
u This scenario makes the target be less suspicious of an attack.
![Page 20: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/20.jpg)
Baiting
u According to research, 76% of people plug in an unknown USB to their office computer.
![Page 21: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/21.jpg)
Baiting
u USBs exist that can FRY your computer by just plugging in.
![Page 22: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/22.jpg)
Phishing
u Involves fake emails, websites, ads designed to impersonate real systems with the tricking the user.
u One of the more prevalent forms of Social Engineering seen today.
u Fake Anti-Virus infection warning (Scareware), Paypalphishing sites, offers for free music, etc…
![Page 23: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/23.jpg)
Phishing
![Page 24: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/24.jpg)
Phishing
![Page 25: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/25.jpg)
Phishing
![Page 26: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/26.jpg)
Phishing
![Page 27: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/27.jpg)
Phishing
u Fake SMS message from “Rogers”
u Number 7000 can be spoofed
u Website http://rogers-clients.com/login/
![Page 28: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/28.jpg)
Phishing
![Page 29: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/29.jpg)
Pretextingu Invented scenario to trick victim to perform actions that
normally be unlikely (human equivalent of Phishing)
u Impersonate trustworthy figure: fake IT support needing to do maintenance, false investigator performing a company audit, co-workers, police, tax authorities, etc...
![Page 30: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/30.jpg)
![Page 31: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/31.jpg)
Pretexting
![Page 32: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/32.jpg)
Quid Pro Quou Means “something for something”.
u A malicious actor calls several IT companies claiming to be
IT service.
u Eventually the attacker will encounter a company that
actually requires the service offered.
![Page 33: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/33.jpg)
Shoulder Surfing
u Looking over someone's shoulder to obtain personal access information.
u Someone's ATM/Smartphone PIN, computer passwords.
u Can be done from a distance too with cameras.
![Page 34: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/34.jpg)
Dumpster Diving
u Involves going through a person/company’s garbage to obtain confidential information.
u Can find bank statements, credit card numbers, contracts, corporate policies, etc..
![Page 35: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/35.jpg)
Social EngineeringHow is it done?
![Page 36: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/36.jpg)
Open-Source Intelligence
u Intel gathered from publically available sources.
u Many platforms available: Google, Facebook, LinkedIn, etc…
u Software available to help: Maltego, theHarvester, creepy, etc…
![Page 37: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/37.jpg)
Delivery Method for Payload
u Several forms: In person, phone, email, website, USB drops.
u E.g.: Pretend to work for their ISP and claim you’ve detected malware installed on their computer.
u Consider what we know about the target.
u Which method would seem the least suspicious?
u Identify your strengths and weaknesses. Practice.
![Page 38: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/38.jpg)
Picking a Domain
u Character omission, repetition, swapping, replacement,
insertion
u Missing dot
u Singularize or pluralize
u Bit flipping
u Homoglyphs
u Wrong TLD
u URLCrazy tool
![Page 39: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/39.jpg)
![Page 40: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/40.jpg)
Command & Control Center
u Server to host: Load an AWS instance
u Amazon = affordable + trusted IP address
u Different open-source and commercial tools available:
u Metasploit Framework
u PowerShell Empire Framework
u Wide variety of RATs
![Page 41: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/41.jpg)
MSF C&C
u Free (community edition) & reliable.
u Constantly being improved and added to, has a community contributing stuff.
u Multiplatform.
u Resource Scripts (neat feature to automate).
u Developed and maintained by Rapid7.
![Page 42: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/42.jpg)
Making Payload FUD
u There are many publicly available crypters, packers and code obfuscators.
u Crypters & RATs are shared in online communities, e.g. indectectables.NET
u Mini-Challenges to obtain crypters so they remain FUD for longer.
u Few attack vectors still aren’t well detected (macros, HTAfiles, PowerShell)
![Page 43: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/43.jpg)
![Page 44: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/44.jpg)
![Page 45: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/45.jpg)
![Page 46: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/46.jpg)
Making Payload FUD
![Page 47: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/47.jpg)
LIVE DEMO
![Page 48: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/48.jpg)
Social EngineeringHow to defend against it?
![Page 49: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/49.jpg)
Am I a target?
u Most definitely!
![Page 50: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/50.jpg)
Heard of Ransomware?
![Page 51: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/51.jpg)
Tips For Staying Safe!
First we have to ask ourselves, why are these techniques so effective?
Carelessness or lack of awareness? Maybe a bit of both…
![Page 52: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/52.jpg)
Tips For Staying Safe!
From Kevin Mitnick’s book “The Art of Deception”:
u People inherently want to be helpful and therefor are
easily duped.
u They assume a level of trust to avoid conflict.
u It’s all about gaining access to information that people
think is innocuous when it isn’t.
u Hear a nice voice over the phone and we want to be
helpful.
![Page 53: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/53.jpg)
Tips For Staying Safe!
u Training & Awareness
u Reminders (Posters)
u Security Hygiene in Office
u Have Policies In-place
u Testing, Testing & More Testing!
u Follow Best Security Practices
u AV?
![Page 54: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/54.jpg)
Tips For Staying Safe!
u Don’t trust what the link shows as the URL, it can be spoofed. Same with file extensions.
<a href="https://www.google.com/" onmousedown="this.href='http://websec.ca'">https://www.google.com/</a>
![Page 55: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/55.jpg)
Don’t Re-use Passwords
u If an attacker obtains your credentials, they may be able to access multiple systems.
u I wrote a tool called “credmap” to test for credential re-use.
u Available at: https://github.com/lightos/credmap
![Page 56: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/56.jpg)
![Page 57: Roberto Salgado Wolf Sheeps Clothing · Brief History of S.E - Examples! Adam & Eve - 4000-6000 BC! The Trojan Horse - 1188 BC! George Parker – Early 1900s! Charles Ponzi – 1920s!](https://reader035.vdocuments.us/reader035/viewer/2022081612/5f646e739bd51e4c4e7ee5eb/html5/thumbnails/57.jpg)
Continuity
u Remember it takes patience, time and continuity.
u But keep on fighting off those pesky attackers and you’ll eventually get there!