Kali Linux Social Engineering

By : Rahul Singh Patel

Overview of this book

Kali Linux has a specific toolkit that incorporates numerous social-engineering attacks into one simplified interface. The main purpose of SET (the Social-Engineer Toolkit) is to automate and improve on many of the social engineering attacks currently out there.

This book is based on current advanced social engineering attacks using SET that help you learn how security can be breached and thus avoid it. You will attain a very unique ability to perform a security audit based on social engineering attacks.

Starting with ways of performing social engineering attacks using Kali, this book covers a detailed description of the various website attack vectors and client-side attacks that can be performed through SET. This book contains some of the most advanced techniques that are currently being utilized by hackers to get inside secured networks. It covers phishing (the credential harvester attack), the web jacking attack method, the spear phishing attack vector, the Metasploit browser exploit method, the mass mailer attack, and more.

By the end of this book you will be able to test the security of any organization based on social engineering attacks.

Policies and procedure

Security policies are the base of any organization's security infrastructure. A security policy is a document that describes the security controls that will be applied in the organization.

To secure against social engineering attacks, employees need to be aware of the attacks currently happening in the social engineering world and of the countermeasures that avoid them.

Training

Employee awareness training plays a vital role in recognizing a social engineering attack scheme and responding to it effectively. All employees must be aware of the common techniques that social engineers use to get the desired information, such as how the social engineer first tries to build a strong trust relationship before asking for anything.

Incident response system

There should be a proper system in place to detect, report, and investigate social engineering attacks.

Classification of information

Information should be classified as confidential, discreet, or top secret. Access authorizations should then be granted to each person according to the permission level that their role requires.

Password policies

Passwords play a very critical role in today's IT environment. There should be guidelines on how to manage passwords, and these guidelines should be followed by network administrators, database administrators, and all other personnel.

Likewise, the following validation checks could be incorporated:

  • Length and complexity of passwords.

  • Allowing the user to re-attempt a login after a failed login attempt.

  • Account blocking after a set number of failed attempts.

  • Periodic changing of the password.

  • Enterprise proxy servers with anti-malware and anti-phishing measures may also help; for example, Cisco's IronPort web application gateway, among many others.
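The first four checks above can be enforced in application code. The following is an added example, not code from the book or from SET, that implements a length-and-complexity check, a re-login counter with account blocking after a set number of failures, and a password-age check; the numeric limits (12 characters, 5 attempts, 15 minutes, 90 days) are assumed values chosen for illustration, since the chapter names the checks but not the numbers.

```python
import re
import time

# Policy parameters: assumed values, the chapter names the checks but not the numbers.
MIN_LENGTH = 12
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
MAX_PASSWORD_AGE_SECONDS = 90 * 24 * 3600
CHARACTER_CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
                     "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def check_complexity(password):
    """Length and complexity check: returns the list of violations (empty = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    present = [n for n, pat in CHARACTER_CLASSES.items() if re.search(pat, password)]
    if len(present) < 3:
        problems.append("needs at least three of " + ", ".join(CHARACTER_CLASSES))
    return problems

class LoginGuard:
    """Per-account failed-attempt counter, lockout, and password-age tracking."""
    def __init__(self, now=time.time):
        self.now = now        # injectable clock so the behaviour can be tested offline
        self.accounts = {}    # user -> {"failed": int, "locked_until": float, "set_at": float}

    def state(self, user):
        return self.accounts.setdefault(
            user, {"failed": 0, "locked_until": 0.0, "set_at": self.now()})

    def record_attempt(self, user, success):
        """Returns 'locked', 'ok' or 'retry'; the caller reveals nothing more to the client."""
        st = self.state(user)
        if st["locked_until"] > self.now():
            return "locked"               # still blocked: do not even count the attempt
        if success:
            st["failed"] = 0              # a successful login resets the counter
            return "ok"
        st["failed"] += 1
        if st["failed"] >= MAX_FAILED_ATTEMPTS:
            st["locked_until"] = self.now() + LOCKOUT_SECONDS
            st["failed"] = 0
            return "locked"
        return "retry"                    # re-login allowed after a failed attempt

    def password_expired(self, user):
        """Periodic change: True once the password is older than the maximum age."""
        return self.now() - self.state(user)["set_at"] > MAX_PASSWORD_AGE_SECONDS
```

The same "locked" answer is returned whether the credentials were right or wrong while an account is blocked, so the lockout does not become a side channel for confirming a password.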