Kali Linux Social Engineering

By: Rahul Singh Patel

Overview of this book

Kali Linux has a specific toolkit that incorporates numerous social engineering attacks into one simplified interface. The main purpose of SET (Social-Engineering Toolkit) is to automate and improve on many of the social engineering attacks currently out there.

This book is based on current advanced social engineering attacks using SET, which help you learn how security can be breached and thus how to avoid a breach. You will gain the ability to perform a security audit based on social engineering attacks.

Starting with ways of performing social engineering attacks using Kali, this book gives a detailed description of the various website attack vectors and client-side attacks that can be performed through SET. This book contains some of the most advanced techniques currently being used by hackers to get inside secured networks. This book covers phishing (credential harvester attack), the web jacking attack method, the spear phishing attack vector, the Metasploit browser exploit method, the mass mailer attack, and more.

By the end of this book you will be able to test the security of any organization based on social engineering attacks.

Preface

This book contains instructions on how to perpetrate attacks with Kali Linux. These tasks are likely to be illegal in your jurisdiction in many circumstances, or at least count as a terms of service violation or professional misconduct. The instructions are provided so that you can test your system against threats, understand the nature of those threats, and protect your own systems from similar attacks.

The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honeypots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each activity.

Typically, employees are not aware of the tricks and techniques social engineers use to turn them into intermediaries for obtaining valuable information such as credit card details or corporate secrets. The security of the entire organization can be at stake if an employee visits a malicious website, answers a social engineer's phone call, or clicks on a malicious link received at a personal or company e-mail address. This book discusses the different scenario-based social engineering attacks, both manual and computerized, that might render the organization's security ineffective.

This book is for security professionals who want to ensure the security of their organization against social engineering attacks.

TrustedSec has come up with the wonderful tool Social-Engineering Toolkit (SET) with the vision of helping security auditors perform penetration testing against social engineering attacks. This book sheds light on how attackers get into the most secured networks just by sending an e-mail or making a call.

Sophisticated attacks such as spear-phishing attacks and web jacking attacks are explained in a step-wise, graphical format. Many more attacks are covered with a more practical approach for easy readability for beginners.

What this book covers

Chapter 1, Introduction to Social Engineering Attacks, introduces the concept of social engineering attacks, both manual and computerized, and the different phases involved. You will learn how to perform a credentials harvester attack and what countermeasures need to be taken to make employees aware of such attacks so that they are not deceived by the social engineer.

Chapter 2, Understanding Website Attack Vectors, discusses how a social engineer can get inside a computer system or network server by attacking elements of the application layer—web browsers and e-mail—to compromise the system and how to formulate new policies to make employees secure from these types of attacks.

Chapter 3, Performing Client-side Attacks through SET, guides you to perform client-side attacks through SET and discusses how to create listeners and payloads. It also sheds light on the different types of payloads, on bypassing AV signatures, and on some other advanced features of the SET toolkit. You will learn how a mass mailer attack is performed and how one can send spoofed SMS.

Chapter 4, Understanding Social Engineering Attacks, guides you through the methods of performing both technical and nontechnical social engineering attacks, such as performing identity theft, elicitation, and attacking a web browser and an application on a remote machine.

What you need for this book

In order to practice the material, you will need virtualization tools such as VMware or VirtualBox with the Kali Linux operating system, along with an Internet connection.

Who this book is for

This book is for any ethical person with the drive, conviction, and willingness to think out of the box and learn about security testing. This book is recommended for anyone who receives and sends e-mails working in any position in an organization. If you are a penetration tester, security consultant, or just generally have an interest in testing the security of your environment against social engineering attacks, this book is for you.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

Code words in text are shown as follows: "You can simply invoke it through command line using the command se-toolkit."

Any command-line input or output is written as follows:

/usr/share/set#  ./set
root@Kali:/usr/share/set/# python set

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "We will be using a Credentials Harvester attack that comes under Website Attack Vectors".

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to , and mention the book title via the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at if you are having a problem with any aspect of the book, and we will do our best to address it.