background preloader

The Official Social Engineering Portal

The Official Social Engineering Portal
Social Engineering (SE) is both incredibly complex and amazingly simple. What really is social engineering? We define it as the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information , gaining access, or getting the target to take certain action. Due to the mystery surrounding this dark art many people are afraid of it, or they feel they will never be able to accomplish a successful social engineering test. However, every time you try to get someone to do something that is in your interest, you are engaging in social engineering.

http://www.social-engineer.org/

Related:  Penetration Testing Tools and How2sSocial Engineering_Social_EngineeringTRIER

Retina Network Community - BeyondTrust Retina Community gives you powerful vulnerability management across your entire environment. For up to 256 IPs free, Retina Community identifies network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments. Manage your network security with Retina Community. Metro styled user interface for streamlined vulnerability assessment, management and content related to database, workstation, server, and virtualized environmentsPerform free vulnerability assessment of missing patches, zero-days and insecure configurationsSimplify security assessment with user profiles that align to your job functionImprove risk management and prioritization with broad exploit identification from Core Impact, Metasploit, and Exploit-db.comFull Support for VMware environments, including online and offline virtual image scanning, virtual application scanning, and integration with vCenter.

Social engineering: 3 examples of human hacking Chris Hadnagy gets paid to fool people, and he's gotten pretty good at it over the years. A co-founder of social-engineering.org and author of Social Engineering: The Art of Human Hacking, Hadnagy has been using manipulation tactics for more than a decade to show clients how criminals get inside information. Hadnagy outlines three memorable stories of social engineering tests that he's included in his new book (you can also read a short excerpt), and points out what organizations can learn from these results. The Overconfident CEO In one case study, Hadnagy outlines how he was hired as an SE auditor to gain access to the servers of a printing company which had some proprietary processes and vendors that competitors were after. In a phone meeting with Hadnagy's business partner, the CEO informed him that "hacking him would be next to impossible" because he "guarded his secrets with his life."

Social engineering, hacking the human OS. Social engineering, sometimes called the science and art of human hacking, has become quite popular in recent years given the exponential growth of social networks, email and other forms of electronic communication. In the information security field, this term is widely used to reference an array of techniques used by criminals who obtain sensitive information or to convince targets to perform actions that could compromise their systems. With so many security products available today, it´s the end user who has the power. Be it a set of login credentials (username and password), a credit card number or bank account, most of the time the weakest link in the chain is not technological but human and when psychological manipulation takes place it’s extremely important to know what types of tricks are being used and how to prevent them. Social engineering is not new. “What I did in my youth is hundreds of times easier today.

Santa Claus confirms NSA attack on naughty or nice database By Joe McNamee A press conference was organised this morning on behalf of Mr Santa Claus. At the conference, a spokes–elf confirmed that there had been repeated attempts to hack the “naughty or nice (NON)” database. The NON-database was thought to be used by Mr Claus to keep records of young inhabitants of planet earth, in order to set gift-giving priorities on 6, 24 and 25 December each year. John the Ripper password cracker John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version's. Requires OpenSSL.

What is phishing? (definition of phishing, with examples) Phishing is a fraudulent attempt, usually made through email, to steal your personal information. The best way to protect yourself from phishing is to learn how to recognize a phish. Phishing emails usually appear to come from a well-known organization and ask for your personal information — such as credit card number, social security number, account number or password. Often times phishing attempts appear to come from sites, services and companies with which you do not even have an account. The human OS: Overdue for a social engineering patch. It sounds like the operating system that really needs some serious security patches is the human one. While technology giants like Microsoft, Google and Apple regularly crank out updates, patches and fixes for zero-day vulnerabilities and other threats, the weakest link in the security chain – the careless or clueless employee – remains the weakest. That is in large measure because there is no technology that can prevent someone falling for increasingly sophisticated social engineering attacks. As has been regularly reported during the past year, some of the biggest data breaches in history have been launched by attackers fooling an employee. And that is despite years of exhortations by experts that worker security awareness training needs to be much more than a perfunctory lecture or PowerPoint presentation once every six months or so. In short, human hacking continues to be far too easy.

OWASP Zed Attack Proxy Project Involvement in the development of ZAP is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help: Feature Requests Please raise new feature requests as enhancement requests here: If there are existing requests you are also interested in then please 'star' them - that way we can see which features people are most interested in and can prioritize them accordingly. Social engineering attacks: Is security focused on the wrong problem? Malicious social-engineering attacks are on the rise and branching out far beyond simply targeting the financial sector. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far. Adopting a "know thy data" approach -- in terms of what it is, how valuable it is and where it is -- and then focusing on securing it may be the key to surviving the relentless onslaught of attacks.

Four of the newest (and lowest) Social Engineering scams. Your computer files are being held for ransom. Pay up, or lose them. Your bank account is being emptied, so click here to stop it. Your friend has died, click on this funeral home site for more information. Social engineering thugs have reached new lows. Social engineers, those criminals who take advantage of human behavior to gain access to data or infiltrate businesses, were once content to trick people with free offers or funny videos before unleashing their scams.

CenoCipher CenoCipher is a free, open-source, easy-to-use tool for exchanging secure encrypted communications over the internet. It uses strong cryptography to convert messages and files into encrypted cipher-data, which can then be sent to the recipient via regular email or any other channel available, such as instant messaging or shared cloud storage. Runs on all versions of Windows, and also on Linux using Wine.

Related: