Social Engineering Techniques

Will Vandevanter, Senior Security Consultant

Danielle Sermer, Business Development Manager


Agenda

  1. Rapid7 Company Overview and Learning Objectives
  2. Social Engineering Techniques
  3. Summary and Q&A


Rapid7 Corporate Profile


  • Headquarters: Boston, MA
  • Founded 2000, Commercial Launch 2004
  • 110+ Employees
  • Funded by Bain Capital (Aug. 08) - $9M
  • Acquired Metasploit in Oct. 09


  • Unified Vulnerability Management Products
  • Penetration Testing Products
  • Professional Services


  • 1,000+ Customers
  • SMB, Enterprise
  • Community of 65,000+


  • MSSPs
  • Security Consultants
  • Technology Partners
  • Resellers

Organizations use Rapid7 to Detect Risk, Mitigate Threats and Ensure Compliance

#1 Fastest growing company for Vuln. Mgmt

#1 Fastest growing software company in Mass.

#7 Fastest growing security company in U.S.

#15 Fastest growing software company in U.S.

Will Vandevanter
  • Penetration Tester and Security Researcher
  • Web Application Assessments, Internal Penetration Testing, and Social Engineering
  • Disclosures on SAP, Axis2, and open source products
  • Twitter: @willis__
  • will __AT__
Social Engineering Definition

Wikipedia (also sourced on

Social Engineering Definition Revisited
  • The act of manipulating the human element in order to achieve a goal.
  • This is not a new idea.
Goal-Oriented Penetration Testing
  • The primary objective of every assessment is to demonstrate risk
  • ‘Hack me’ or ‘We just want to know if we are secure’ is not specific enough
  • How do I know what is most important to the business?
How We Use Social Engineering
  • To achieve the goals for the assessment
  • To test policies and technologies

1. Information Gathering

2. Elicitation and Pretexting

3. The Payload

4. Post Exploitation

5. Covering your tracks

Information Gathering
  • White Box vs. Black Box vs. Grey Box
  • Know Your Target
  • Gather Your User List
    • Email address naming scheme (first.last, flast, etc.)
    • Document meta-data (author and last-modified-by fields)
    • Google Dorks
    • Hoovers, Lead411, LinkedIn, Spoke, Facebook
  • Verify Your User List
  • Test Your Payload
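The user-list steps above (harvest names from document meta-data, work out the address scheme, expand the names into candidate addresses) as one added worked example. This is not code from the deck or from Rapid7; the domain, the names, the two "already confirmed" addresses and the docProps/core.xml fragment are constructed for the example.

```python
"""Added example (not from the deck): building and checking a target user list
from document meta-data plus an observed e-mail address scheme. All names,
addresses and the core.xml fragment are constructed."""
import re
import xml.etree.ElementTree as ET

# Common corporate address schemes; each maps (first, last) -> local part.
SCHEMES = {
    "first.last": lambda f, l: f"{f}.{l}",
    "first_last": lambda f, l: f"{f}_{l}",
    "flast":      lambda f, l: f"{f[0]}{l}",
    "firstl":     lambda f, l: f"{f}{l[0]}",
    "lastf":      lambda f, l: f"{l}{f[0]}",
    "first":      lambda f, l: f,
}

def split_name(full_name):
    """Normalise 'Jane Doe', 'Doe, Jane' or 'Jane M. Doe' to ('jane', 'doe')."""
    if "," in full_name:
        last, first = [p.strip() for p in full_name.split(",", 1)]
    else:
        parts = full_name.split()
        first, last = parts[0], parts[-1]
    clean = lambda s: re.sub(r"[^a-z]", "", s.lower())
    return clean(first), clean(last)

def infer_scheme(known):
    """known: [(full_name, email), ...] already confirmed from public sources.
    Returns every scheme that reproduces all of the confirmed addresses."""
    consistent = []
    for name, fn in SCHEMES.items():
        ok = all(fn(*split_name(full)) == email.split("@", 1)[0].lower()
                 for full, email in known)
        if ok:
            consistent.append(name)
    return consistent

def candidates(names, domain, scheme):
    """Expand harvested names into addresses under one scheme."""
    fn = SCHEMES[scheme]
    return sorted({f"{fn(*split_name(n))}@{domain}" for n in names})

# docProps/core.xml inside .docx/.xlsx/.pptx files carries the author fields.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}

def docx_core_names(core_xml):
    """Return the people named in dc:creator and cp:lastModifiedBy of a core.xml."""
    root = ET.fromstring(core_xml)
    found = []
    for path in ("dc:creator", "cp:lastModifiedBy"):
        el = root.find(path, NS)
        if el is not None and el.text and el.text.strip():
            found.append(el.text.strip())
    return found

# Constructed sample: what a publicly posted document's core.xml might hold.
SAMPLE_CORE_XML = """<cp:coreProperties
 xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/">
  <dc:creator>Jane Doe</dc:creator>
  <cp:lastModifiedBy>Smith, John</cp:lastModifiedBy>
</cp:coreProperties>"""

# Constructed: two addresses already confirmed (press release, mailing-list post).
KNOWN = [("Alice Jones", "ajones@example.com"), ("Bob Lee", "blee@example.com")]

def build_user_list(domain="example.com"):
    """Infer the scheme from confirmed addresses, then expand the harvested names."""
    names = docx_core_names(SAMPLE_CORE_XML)
    return {s: candidates(names, domain, s) for s in infer_scheme(KNOWN)}

if __name__ == "__main__":
    for scheme, addrs in build_user_list().items():
        print(scheme, addrs)
```

With only two confirmed samples more than one scheme can survive `infer_scheme` (a single-letter first name makes `flast` and `first.last` collide, for instance); keep every surviving scheme in the candidate list and let the verification step (bounce messages, directory lookups, the help desk) prune it rather than guessing.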
Template 1 – The Fear Factor
  • Goal : To obtain user credentials without tipping off the user
  • Identify a user login page
    • Outlook Web Access
    • Corporate or Human Resources Login Page
  • Information Gathering is vital
How Effective Is It?
  • Incredibly successful
  • Case Study
    • Mid December 2010
    • 80 e-mails sent to various offices and levels of users
    • 41 users submitted their credentials
  • Success depends on certain factors
    • Centralized vs. decentralized locations
    • Help desk and internal communication process
    • Number of e-mails sent
    • Time of day and day of the week matter
Controls and Policy
  • Do your users know who to contact if they receive an e-mail like this?
  • How well is User Awareness Training working?
  • How well is compromise detection working?
  • Are your mail filters protecting your users?
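The last bullet asks whether the mail filters catch a message like the "fear factor" template. As an added example (not code from the deck or from any Rapid7 product), here is the kind of indicator scoring a mail filter or a SOC triage script applies to an inbound message: look-alike sender domain, internal-sounding display name on an external address, Reply-To mismatch, a login-style link to a host outside the corporate domain, and urgency language. The corporate domain `example.com`, the two messages and the weights are all constructed for the example.

```python
"""Added example, not from the deck: scoring an inbound message for the
indicators a 'fear factor' credential-harvest e-mail tends to carry.
The corporate domain, the two messages and the weights are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

CORP_DOMAIN = "example.com"   # assumed: the organisation's own mail domain
URGENCY = ("immediately", "within 24 hours", "suspended", "verify your account", "urgent")
LOGIN_WORDS = ("owa", "login", "signin", "password", "auth")
INTERNAL_ROLES = re.compile(r"\b(it|helpdesk|security|hr)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def registrable(host):
    """Crude registrable domain: last two labels ('owa.example.com' -> 'example.com')."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(host):
    """Typosquat check: not our domain, but within two edits of it (exarnple.com, examp1e.com)."""
    d = registrable(host)
    return d != CORP_DOMAIN and levenshtein(d, CORP_DOMAIN) <= 2

def body_text(msg):
    """Concatenate the text/plain parts of a (possibly multipart) message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    out = []
    for p in parts:
        if p.get_content_type() == "text/plain":
            raw = p.get_payload(decode=True) or b""
            out.append(raw.decode(p.get_content_charset() or "utf-8", errors="replace"))
    return "\n".join(out)

def score_message(raw):
    """Return (score, reasons) for one RFC 822 message; higher is more phish-like."""
    msg = message_from_string(raw)
    score, reasons = 0, []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]

    if lookalike(from_domain):
        score += 3
        reasons.append(f"sender domain {from_domain} looks like {CORP_DOMAIN}")
    if INTERNAL_ROLES.search(display) and registrable(from_domain) != CORP_DOMAIN:
        score += 2
        reasons.append("internal-looking display name on an external address")
    if reply_addr and reply_addr.rsplit("@", 1)[-1] != from_domain:
        score += 2
        reasons.append("Reply-To domain differs from From domain")

    body = body_text(msg)
    for url in URL_RE.findall(body):
        u = urlparse(url)
        host = u.hostname or ""
        if registrable(host) != CORP_DOMAIN and any(w in (host + u.path).lower() for w in LOGIN_WORDS):
            score += 3
            reasons.append(f"login-style link to external host {host}")
    hits = [w for w in URGENCY if w in body.lower()]
    if hits:
        score += len(hits)
        reasons.append("urgency language: " + ", ".join(hits))
    return score, reasons

# Constructed messages: one modelled on the 'fear factor' template, one benign.
PHISH = """\
From: IT Helpdesk <helpdesk@exarnple.com>
Reply-To: support@mail-recovery.net
To: jdoe@example.com
Subject: Action required: mailbox quota exceeded
Content-Type: text/plain; charset="utf-8"

Your mailbox will be suspended within 24 hours. Verify your account immediately at
https://owa.exarnple.com/owa/auth/logon.aspx
"""

LEGIT = """\
From: Jane Doe <jdoe@example.com>
To: jsmith@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Cafeteria at noon? Menu is at https://intranet.example.com/menu
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, score_message(raw))
```

The weights are illustrative; in practice the score feeds a threshold tuned on your own mail, and the "who do I contact" question from the first bullet is answered by routing anything over the threshold to the same help desk queue users are told to report to, so the two controls reinforce each other.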
Template 2 – Security Patch
  • Goal: To have a user run an executable providing internal access to the network.
  • Information Gathering:
    • Egress filtering rules
    • Mail filters
    • AV
The Payload
  • Meterpreter Executable
  • Internal Pivot
How Effective Is It?
  • Highly dependent on many factors
  • At least 5-10% of users will run it
  • Case Study
    • July 2010
    • ~70 users targeted
    • 12 connect-backs made
  • Success depends on many factors
    • Egress Filtering
    • Mail Server Filters
    • Server and endpoint AV
Controls and Policy
  • Do your users know who to contact if they receive an e-mail like this?
  • How well is User Awareness Training working?
  • How well is compromise detection working?
  • Are your mail filters protecting your users?
  • Technical Controls
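"How well is compromise detection working?" for this template comes down to whether the connect-backs show up in egress logs. As an added example (not from the deck, and not a Rapid7 or Metasploit component), the following checks a batch of outbound firewall records for two signs of a reverse-connect payload: a destination port outside the egress policy, and machine-regular connection intervals, which also catch a handler listening on an allowed port such as 443. The log format, the internal ranges, the egress policy and every address and timestamp are constructed for the example.

```python
"""Added example (not part of the deck): spotting connect-backs in egress
firewall logs by (a) disallowed destination ports and (b) beacon-like
regular intervals. Log format, addresses and timestamps are constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumed for the example: our internal ranges and the workstation egress policy.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
ALLOWED_EGRESS = {53, 80, 443}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ action=allow src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=\w+$")

def is_internal(addr):
    a = ip_address(addr)
    return any(a in net for net in INTERNAL)

def parse(lines):
    """Group allowed internal->external connections by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if not (is_internal(m["src"]) and not is_internal(m["dst"])):
            continue  # only traffic leaving the network matters here
        key = (m["src"], m["dst"], int(m["dport"]))
        flows[key].append(datetime.fromisoformat(m["ts"]))
    return flows

def beacon_score(times, min_hits=4):
    """Coefficient of variation of the gaps between connections; low = machine-regular."""
    if len(times) < min_hits:
        return None
    ts = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return statistics.pstdev(gaps) / mean

def find_connect_backs(lines, max_cv=0.2):
    """Return [((src, dst, dport), [reasons]), ...] for suspicious flows."""
    findings = []
    for key, times in parse(lines).items():
        reasons = []
        if key[2] not in ALLOWED_EGRESS:
            reasons.append(f"port {key[2]} not in egress policy")
        cv = beacon_score(times)
        if cv is not None and cv <= max_cv:
            reasons.append(f"{len(times)} connections at regular intervals (cv={cv:.2f})")
        if reasons:
            findings.append((key, reasons))
    return sorted(findings)

# Constructed log: a 4444/tcp reverse shell, an HTTPS beacon on an allowed port,
# ordinary browsing, and an internal SMB connection that must be ignored.
LOG = """\
2010-07-14T09:00:02 fw01 action=allow src=10.10.5.23 dst=203.0.113.7 dport=4444 proto=tcp
2010-07-14T09:00:32 fw01 action=allow src=10.10.5.23 dst=203.0.113.7 dport=4444 proto=tcp
2010-07-14T09:01:02 fw01 action=allow src=10.10.5.23 dst=203.0.113.7 dport=4444 proto=tcp
2010-07-14T09:01:32 fw01 action=allow src=10.10.5.23 dst=203.0.113.7 dport=4444 proto=tcp
2010-07-14T09:00:10 fw01 action=allow src=10.10.5.40 dst=203.0.113.9 dport=443 proto=tcp
2010-07-14T09:01:10 fw01 action=allow src=10.10.5.40 dst=203.0.113.9 dport=443 proto=tcp
2010-07-14T09:02:10 fw01 action=allow src=10.10.5.40 dst=203.0.113.9 dport=443 proto=tcp
2010-07-14T09:03:11 fw01 action=allow src=10.10.5.40 dst=203.0.113.9 dport=443 proto=tcp
2010-07-14T09:04:09 fw01 action=allow src=10.10.5.40 dst=203.0.113.9 dport=443 proto=tcp
2010-07-14T09:00:15 fw01 action=allow src=10.10.5.61 dst=198.51.100.20 dport=443 proto=tcp
2010-07-14T09:03:41 fw01 action=allow src=10.10.5.61 dst=198.51.100.20 dport=443 proto=tcp
2010-07-14T09:21:03 fw01 action=allow src=10.10.5.61 dst=198.51.100.20 dport=443 proto=tcp
2010-07-14T09:33:58 fw01 action=allow src=10.10.5.61 dst=198.51.100.20 dport=443 proto=tcp
2010-07-14T09:05:00 fw01 action=allow src=10.10.5.23 dst=10.10.1.5 dport=445 proto=tcp
"""

if __name__ == "__main__":
    for key, reasons in find_connect_backs(LOG.splitlines()):
        print(key, reasons)
```

The port check is only as good as the egress policy: if workstations may reach any port, the first reason never fires and detection rests on the periodicity check, which is why the deck lists egress filtering first among the factors that decide whether this template succeeds.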
Tools of The Trade
  • Information Gathering
    • Maltego
    • Shodan
    • Hoovers, Lead411, LinkedIn
  • Social Engineering Toolkit (SET)
  • Social Engineering Framework (SEF)
  • Metasploit
Information Gathering
  • White Box vs. Black Box vs. Grey Box
  • Know Your Target
  • Pretexting is highly important
  • Props or other utilities to create the ‘reality’
  • Keep the payload and the goal in mind
  • Information Gathering is key
Template 1 – Removable Media
  • Goal: To have a user either insert a USB drive or run a file on the USB drive
  • Start with no legitimate access to the building
  • Getting it in there is the hard part
Pretexting USB Drives
  • The Parking Lot
  • Inside of an Envelope
  • Empathy
  • Bike Messenger, Painter, etc.
  • AutoRun an executable
  • Malicious PDF
  • Malicious Word Documents
Controls and Policies
  • What are the restrictions on portable media?
  • Was I able to bypass a control to gain access to the building?
  • Technical Controls
Case Study - The Credit Union Heist
  • Goal: “Paul” needed to obtain access to the server room at a credit union
  • The room itself is locked and accessible via key card only.
  • Information Gathering
  • Pretexting
  • RFID card reader and spoofer
  • Pocket Router
  • SpoofApp
  • Lock Picking Tools
  • Uniforms
Closing Thoughts
  • Protecting against social engineering is extremely difficult
  • User awareness training has its place
  • Regularly test your users
  • Metrics are absolutely critical to success
  • During an assessment, much of the outcome comes down to luck
  • “The Stratagems of Social Engineering” – Jayson Street, DefCon 18
  • “Open Source Information Gathering” – Chris Gates, BruCON 2009
  • Security Metrics: Replacing Fear, Uncertainty, and Doubt – Andrew Jaquith