Book Image

Kali Linux Social Engineering

By : Rahul Singh Patel
Book Image

Kali Linux Social Engineering

By: Rahul Singh Patel

Overview of this book

<p>Kali Linux has a specific toolkit that incorporates numerous social-engineering attacks all into one simplified interface. The main purpose of SET (social engineering toolkit) is to automate and improve on many of the social engineering attacks currently out there.</p> <p>This book is based on current advanced social engineering attacks using SET that help you learn how security can be breached and thus avoid it. You will attain a very unique ability to perform a security audit based on social engineering attacks.</p> <p>Starting with ways of performing the social engineering attacks using Kali, this book covers a detailed description on various website attack vectors and client side attacks that can be performed through SET. This book contains some of the most advanced techniques that are currently being utilized by hackers to get inside secured networks. This book covers phishing (credential harvester attack), web jacking attack method, spear phishing attack vector, Metasploit browser exploit method, Mass mailer attack and more.</p> <p>By the end of this book you will be able to test the security of any organization based on social engineering attacks.</p>

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Social Engineering
Rahul Singh Patel
Dec, 2013 | 84 pages
No titles found
Table of Contents (11 chapters)
Kali Linux Social Engineering
Kali Linux Social Engineering
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introduction to Social Engineering Attacks
Introduction to Social Engineering Attacks
Understanding social engineering attacks
Phases in a social engineering attack
Types of social engineering
Computer-based social engineering tools – Social-Engineering Toolkit (SET)
Policies and procedure
Summary
2
Understanding Website Attack Vectors
Understanding Website Attack Vectors
Phishing and e-mail hacking – Credential Harvester attack
Java Applet Attack
Defense against these attacks
Summary
3
Performing Client-side Attacks through SET
Performing Client-side Attacks through SET
Creating a payload and a listener
Understanding the mass mailer attack
Understanding the SMS spoofing attack vector
Summary
4
Understanding Social Engineering Attacks
Understanding Social Engineering Attacks
Identity theft
Stealing an identity
Elicitation
Penetration testing tools
Summary
Index
Index

About the Reviewers

Pranshu Bajpai (MBA, MS) is a computer security professional specializing in systems, network, and web penetration testing. He is in the process of completing his Master's in Information Security at the Indian Institute of Information Technology. Currently, he is also working as a freelance penetration tester on a counter-hacking project with a security firm in Delhi, India, where his responsibilities include vulnerability research, exploit kit deployment, maintaining access, and reporting. He is an active speaker with a passion for information security. As an author, he writes for PenTest, Hackin9, and ClubHack Magazine (among others). In his free time, he enjoys listening to classic rock while blogging at www.lifeofpentester.blogspot.com.

I'd like to say thanks to the hacking community for Linux, open source applications, and free education online, which taught me more than I ever learned in classrooms.

Above all, I'd like to thank my mother, Dr. Rashmi Vajpayee, for always being there and inspiring me to never back down.

Aamir Lakhani is a leading cyber security and cyber counter-intelligence architect. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations. He leads projects that implement security postures for Fortune 500 companies, the US Department of Defense, major healthcare providers, educational institutions, and financial and large media organizations. He has designed offensive counter-defense measures for defense and intelligence agencies and has assisted organizations in defending themselves from active strike-back attacks perpetrated by underground cyber groups. Aamir is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware, Advanced Persistent Threat (APT) research, and dark security. Additionally, he has extensive experience in high-performance data centers, complex routing protocols, cloud computing, and virtualization.

Aamir has been either author or contributor to several books, including Web Penetration Testing with Kali Linux and Instant XenMobile MDM from Packt Publishing. He has been featured in Pen Test Magazine and Hacking Magazine on numerous occasions. He has also appeared on Federal News Radio as an expert on cyber security and is a frequent speaker at security conferences around the world, including RSA, Hacker Halted, and TakeDownCon.

Aamir writes for and also operates one of the world's leading security blogs at http://www.DrChaos.com. In their recent list of 46 Federal Technology Experts to Follow on Twitter, FedTech magazine described him as "a blogger, infosec specialist, superhero, and all round good guy."

I would like to thank my parents, Mahmood and Nasreen Lakhani, for bringing out the best in me and for encouraging me by telling me that the only way to succeed in life is by not being afraid to be out of my comfort zone. I'd like to thank my sisters, Noureen and Zahra Lakhani, for understanding me and for pushing me not to settle for being just good, but to be great. My nieces, Farida and Sofia, I hope you will forgive me for not playing Wii when I was reviewing this book. Lastly, I would like to thank all my friends and colleagues, especially Tim Adams, Ladi Adefala, Kathi Bomar, Brian Ortbals, Bart Robinson, and Matt Skipton, and a dozen other people for giving me the opportunity to work on the world's most complicated projects and architect and design the world's most complex solutions. Thank you David L. Steward, Chairman of the Board at World Wide Technology, and Jim Kavanaugh, Chief Executive Officer at World Wide Technology, and the rest of the executive team for making it (according to Forbes Magazine and multiple years in a row) one of the best places to work. It has been a privilege and an honor to call WWT my home.

Joseph Muniz is a CSE at Cisco Systems and also a security researcher. He started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks.

Joseph runs TheSecurityBlogger.com, a popular resource for security and product implementation. You can also find him speaking at live events as well as involved with other publications. He was recently speaker for Social Media Deception at the 2013 ASIS International Conference and speaker for the Eliminate Network Blind Spots with Data Center Security webinar. He is the author of Web Penetration Testing with Kali Linux, Packt Publishing, and has also written an article: Compromising Passwords, PenTest Magazine - Backtrack Compendium, Hakin9 Media Sp. z o.o. SK, July 2013.

Outside of work, Joseph can be found behind turntables scratching classic vinyls or on the soccer pitch hacking away at local club teams.

My contribution to this book could not have been done without the support of my charming wife, Ning, and creative inspirations from my daughter, Raylin. I also must credit my passion for learning to my brother, Alex, who raised me along with my loving parents, Irene and Ray. I would also like to say a big thank you to all of my friends, family, and colleagues who have supported me over the years.

Rohit Patel is from Jabalpur, MP, India. In 2011, he received his bachelor's degree in Information Technology from GRKIST Engineering College. He is a cool techie who is interested in learning new things that leverage his skills and power of knowledge. Currently, he works with Directi, Bangalore, as a Senior Web Hosting Engineer.

Rohit is interested in various things, some of which are networking; Linux; programming languages, such as HTML, Shell Scripting, and Perl; Linux Distros, such as BackTrack (Penetration Testing OS), Kali Linux (Advanced Penetration testing OS), and WifiWay (Wireless Penetration Testing OS); Linux OSes, such as Redhat, CentOS, Fedora, Ubuntu, Debian; Windows, such as Windows Server 2003, Windows Server 2008, and Windows Server 2012; and Windows Client OSes, such as Windows XP 2, XP 3, Vista, 7, and 8. He has undergone training for certifications such as CCNA (twice), RHCE Linux, MCSE 2003, and MCITP 2008 Server.

He is a blogger by interest and a penetration tester by choice. His websites include http://www.rohitpatel.in/, http://www.rohitpatel.biz/, http://www.rohitpatelgrkist.in/, http://www.rohitpatelgrkist.co.nr/, http://www.rohitpatel.net/, and http://www.rohitpatel.co.nr/.

Previous Section
Next Chapter