Kali Linux Social Engineering

Kali Linux Social Engineering: Effectively perform efficient and organized social engineering tests and penetration testing using Kali Linux

Introduction

This book contains instructions on how to perpetrate attacks with Kali Linux. These tasks are likely to be illegal in your jurisdiction in many circumstances, or at least count as a terms of service violation or professional misconduct. The instructions are provided so that you can test your system against threats, understand the nature of those threats, and protect your own systems from similar attacks.

The information security environment has changed vastly over the years. Now, in spite of having security policies, compliance, and infrastructure security elements such as firewalls, IDS/IPS, proxies, and honey pots deployed inside every organization, we hear news about how hackers compromise secured facilities of the government or of private organizations because of the human element involved in each activity.

Typically, employees are not aware of the tricks and techniques social engineers use to turn them into intermediaries for obtaining valuable information such as credit card details or corporate secrets. The security of the entire organization can be at stake if an employee visits a malicious website, answers a social engineer's phone call, or clicks on a malicious link received at their personal or company e-mail address.

This book discusses the different scenario-based social engineering attacks, both manual and computerized, that might render the organization's security ineffective. This book is for security professionals who want to ensure the security of their organization against social engineering attacks.

TrustedSec has come up with the wonderful tool Social-Engineering Toolkit (SET) with the vision of helping security auditors perform penetration testing against social engineering attacks. This book sheds light on how attackers get into the most secured networks just by sending an e-mail or making a call.

Sophisticated attacks such as spear-phishing attacks and web jacking attacks are explained in a step-wise, graphical format. Many more attacks are covered with a more practical approach for easy readability for beginners.

What this book covers 
Chapter 1, Introduction to Social Engineering Attacks, introduces the concept of social engineering attacks, both manual and computerized, and the different phases involved. You will learn how to perform a credentials harvester attack and what countermeasures need to be taken to make employees aware of such attacks so that they are not deceived by the social engineer.

Chapter 2, Understanding Website Attack Vectors, discusses how a social engineer can get inside a computer system or network server by attacking elements of the application layer—web browsers and e-mail—to compromise the system and how to formulate new policies to make employees secure from these types of attacks.

Chapter 3, Performing Client-side Attacks through SET, guides you through performing client-side attacks with SET and discusses how to create listeners and payloads. It also sheds light on the different types of payloads, on bypassing AV signatures, and on some other advanced features of SET. You will learn how a mass mailer attack is performed and how one can send spoofed SMS.

Chapter 4, Understanding Social Engineering Attacks, guides you through the methods of performing both technical and nontechnical social engineering attacks, such as performing identity theft, elicitation, and attacking a web browser and an application on a remote machine.

What you need for this book 
In order to practice the material, you will need virtualization tools such as VMware or VirtualBox with the Kali Linux operating system, along with an Internet connection.

Who this book is for
This book is for any ethical person with the drive, conviction, and willingness to think outside the box and learn about security testing. This book is recommended for anyone, in any position in an organization, who sends and receives e-mail. If you are a penetration tester, security consultant, or just generally have an interest in testing the security of your environment against social engineering attacks, this book is for you.