Social engineering

The weakest link in companies is humans: they are likely to make mistakes 🔥. Social engineering is a technique used by hackers to exploit humans into compromising the security of the organization.

Phishing 🎣: trick the victim with fraudulent emails/SMS/messages that lead them to reveal sensitive or private information.

Spear Phishing/CEO fraud ("fraude au président") 🔫: the attacker investigates a victim in order to craft a convincing email/call that will lead them to compromise the organization. For instance, an email from the director on a Friday (right before going home) asking them to URGENTLY transfer money without notifying anyone.


👻 To-do 👻

Stuff that I found, but never read/used yet.

  • Social Hacking
    • Tailgating
    • Pretexting/Roleplaying
    • Dumpster Diving
    • Baiting
  • Shoulder surfing
  • Vishing
  • Smishing
  • Homoglyph
  • Open mail relay server
  • Spam
  • Email spoofing
  • Email Attachments
  • SET (Social Engineer Toolkit)
  • If we compromise a ticketing system, we can use it to receive mails (e.g. with a company email, each ticket may have a thread). Could perhaps be used to join Slack or create accounts.

adventofcyber4

  • phishing
  • emlAnalyzer -i FILE (e.g. .eml/.msg)
    • --header (show headers)
    • -u (show urls)
    • --text (show cleartext data)
    • --extract-all (extract attachment)
  • emailrep
  • InQuest (file analysis)
  • Urlscan/Browserling/Wannabrowser
  • sha256sum file -> pass the hash to the analysis tools above
  • zphisher
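An added example (not from these notes and not emlAnalyzer's own code) that performs the triage steps listed above with Python's standard library on a constructed sample message: headers, URLs, cleartext body and the SHA-256 of each attachment to pass on to other tools, plus a check for a Reply-To domain that differs from the From domain. The message, addresses and domains are made up.

```python
import hashlib
import re
from email import message_from_bytes, policy, utils

# Constructed sample .eml (not a real message): phishing-style mail whose
# Reply-To domain differs from the visible From, with a link and an attachment.
SAMPLE_EML = b"""\
From: "IT Support" <it-support@example.com>
Reply-To: helpdesk@example-support.net
Subject: URGENT: password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your password expires in 1 hour. Reset it here: http://example-support.net/reset
--b1
Content-Type: application/octet-stream; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""


def domain_of(header_value):
    # domain of the first address in a header value ('' if none)
    addr = utils.parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def analyze_eml(raw: bytes) -> dict:
    """Headers, URLs, cleartext body and SHA-256 of each attachment (emlAnalyzer-style triage)."""
    msg = message_from_bytes(raw, policy=policy.default)
    headers = {k: str(msg[k]) for k in ("From", "Reply-To", "Subject") if msg[k]}
    body = msg.get_body(preferencelist=("plain",))  # like --text
    text = body.get_content() if body else ""
    attachments = {}  # filename -> sha256, like --extract-all + sha256sum
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments[part.get_filename()] = hashlib.sha256(data).hexdigest()
    from_dom, reply_dom = domain_of(headers.get("From")), domain_of(headers.get("Reply-To"))
    return {
        "headers": headers,
        "urls": sorted(set(re.findall(r"https?://[^\s<>\"']+", text))),  # like -u
        "text": text,
        "attachments": attachments,
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,  # classic phishing tell
    }
```

Run `analyze_eml(open("mail.eml", "rb").read())` on a real saved message to get the same fields; the attachment hashes can then be looked up in InQuest or similar services.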