This covers the basics of Social Engineering, different attack vectors that have worked with real world examples from friends currently conducting such tests, provide different sources to gather information on this topic, and present ways to prevent such attacks from happening in the future.

1. Social Engineering 101 or The
Art of How You Got Owned by
That Random Stranger
BY: Steven Hatfield aka @drb0n3z

2. LEGAL DISCLAIMER

3. Social Engineering 101
▪ Definitions
▪ History
▪ Social Engineering Framework
▪ SET – Social Engineering Toolkit
▪ Categories
▪ Examples
▪ Protection
▪ Resources
▪ Questions

4. Definition
▪ Social Engineering (SE) is a blend of science, psychology and art. While
it is amazing
and complex, it is also very simple.
▪ We define it as, “Any act that influences a person to take an action
that may or may not be in their best interest.” We have defined it in
very broad and general terms because we feel that social engineering
is not always negative, but encompasses how we communicate with
our parents, therapists, children, spouses and others.
http://www.social-engineer.org/

5. Definition
▪ Social engineering is the art of manipulating people so they give up
confidential information. The types of information these criminals are
seeking can vary, but when individuals are targeted the criminals are
usually trying to trick you into giving them your passwords or bank
information, or access your computer to secretly install malicious
software–that will give them access to your passwords and bank
information as well as giving them control over your computer.
http://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering

7. History
The term sociale ingenieurs was introduced in an essay by the Dutch industrialist J.C. Van Marken in 1894. The
idea was that modern employers needed the assistance of specialists—"social engineers"—in handling
the human problems of the planet, just as they needed technical expertise (ordinary engineers) to deal with the
problems of dead matter (materials, machines, processes). The term was brought to America in 1899, when the
notion of "social engineering" was also launched as the name of the task of the social engineer in this sense.
"Social engineering" was the title of a small journal in 1899 (from 1900 named "Social Service"), and in 1909 the
title of a book by its former editor, William H. Tolman (translated in French in 1910), marking the end of the
usage of the terminology in the sense of Van Marken. With the Social Gospel sociologist Edwin L. Earp'sThe
Social Engineer, published during the "efficiency craze" of 1911 in the U.S., the usage of the term was launched
that has since then been standard: the one building on a metaphor of social relations as "machineries", to be
dealt with in the manner of the technical engineer.
https://en.wikipedia.org/wiki/Social_engineering_(political_science)#History

8. Social Engineering Framework
•Social Engineering Defined
•Categories of Social Engineers
• Hackers
• Penetration Testers
• Spies or Espionage
• Identity Thieves
• Disgruntled Employees
• Information Brokers
• Scam Artists
• Executive Recruiters
• Sales People
• Governments
• Everyday People
•Why Attackers Might Use Social Engineering
•Typical Goals
•The Attack Cycle
•Common Attacks
• Customer Service
• Delivery Person
• Phone
• Tech Support
•Real World Examples
• Con Men
• Crime Victims
• Phishing
• Politicians
http://www.social-engineer.org/framework/general-discussion/

9. SET – Social Engineer Toolkit
https://www.trustedsec.com/social-engineer-toolkit/
The Social-Engineer Toolkit (SET) was created and written by the
founder of TrustedSec. It is an open-source Python-driven tool aimed at
penetration testing around Social-Engineering. SET has been presented
at large-scale conferences including Blackhat, DerbyCon, Defcon, and
ShmooCon. With over two million downloads, SET is the standard for
social-engineering penetration tests and supported heavily within the
security community.
The Social-Engineer Toolkit has over 2 million downloads and is aimed
at leveraging advanced technological attacks in a social-engineering
type environment. TrustedSec believes that social-engineering is one of
the hardest attacks to protect against and now one of the most
prevalent. The toolkit has been featured in a number of books including
the number one best seller in security books for 12 months since its
release, “Metasploit: The Penetrations Tester’s Guide” written by
TrustedSec’s founder as well as Devon Kearns, Jim O’Gorman, and Mati
Aharoni.

10. SOCIAL ENGINEER TOOLKIT

11. Examples - Common
• Customer Service
• Delivery Person
• Phone
• Tech Support
• Con Men
• Crime Victims
• Phishing
• Politicians

12. Examples - Real World
•The Overconfident CEO
In one case study, Hadnagy outlines how he was hired as an SE
auditor to gain access to the servers of a printing company
which had some proprietary processes and vendors that
competitors were after. In a phone meeting with Hadnagy's
business partner, the CEO informed him that "hacking him
would be next to impossible" because he "guarded his secrets
with his life.“
"He was the guy who was never going to fall for this," said
Hadnagy. "He was thinking someone would probably call and
ask for his password and he was ready for an approach like
that.“
…
http://www.csoonline.com/article/2126983/social-engineering/social-engineering--3-examples-of-human-hacking.html

13. Examples - Real World
•The theme-park scandal
http://www.csoonline.com/article/2126983/social-engineering/social-engineering--3-examples-of-human-hacking.html
The target in this next case study was a theme park client that
was concerned about potential compromise of its ticketing
system. The computers used to check-in patrons also contained
links to servers, client information and financial records. The
client was concerned that if a check-in computer was
compromised, a serious data breach might occur.
Hadnagy started his test by calling the park, posing as a
software salesperson. He was offering a new type of PDF-
reading software, which he wanted the park to try through a
trial offer. He asked what version they were currently using, got
the information easily, and was ready for step two.
…

14. Examples - Real World
•The hacker is hacked
http://www.csoonline.com/article/2126983/social-engineering/social-engineering--3-examples-of-human-hacking.html
Hadnagy gives a third example showing how social engineering
was used for defensive purposes. He profiles 'John,' a
penetration tester hired to conduct a standard network pen
test for a client. He ran scan using Metasploit, which revealed
an open VNC (virtual network computing) server, a server that
allows control of other machines on the network.
He was documenting the find with the VNC session open when,
suddenly, in the background, a mouse began to move across
the screen. John new it was a red flag because at the time of
day this was happening, no user would be connected to the
network for a legitimate reason. He suspected an intruder was
on the network.
…

15. Examples - Real World
•Price-Matching Scam

16. Examples - Real World
•Evil Maid attacks

17. Examples - Real World
•Stuxnet
…
Stuxnet – delivered via USB sticks left around the Iranian site in
a classic "social engineering" attack – used unpatched Windows
vulnerabilities to get inside the SCADA at Iran's Natanz
enrichment plant. It then injected code to make a PLC speed up
and slow down centrifuge motors – wrecking more than 400
machines. Siemens made both the SCADA (WinCC) and the PLC
(S7-300) attacked by Stuxnet.
…
http://www.newscientist.com/article/dn20298-stuxnet-analysis-finds-more-holes-in-critical-software.html

18. Examples - Real World
•Sing-o-gram - Michelle from SE crew
…
Next, Chris and I packed our dark glasses and super-spy cameras and headed to the client’s
locations. Four buildings, three days, two states, no sleep. This particular client faces some big
challenges when it comes to physical plant security, not the least of which is sharing buildings with
other companies and retailers open to the general public. Despite having a great physical security
team and RFID badging, we were able to gain access to most of their secured locations pretexting
as inspectors and yes, a singing telegram (I’ll let you guess who got to do that one). We didn’t
really need to do a lot of sneaky stuff; we took advantage of high traffic times and locations, acted
like we belonged there, and exploited people’s general helpfulness. Using these principles, we
accessed areas such their corporate mailroom, NOC, and executive offices and roamed freely
without ever being stopped.
…
http://www.social-engineer.org/newsletter/social-engineer-newsletter-vol-05-issue-57/

19. Examples - Real World
•News Reporter - “Bob”
“I've gotten myself into a building by claiming to be interviewing them for a blog and
then spending all day taking pictures and plugging flashdrives in to “print stuff“”

20. Protection
Obviously, never give out confidential information.
Safeguard even inconsequential information about yourself.
Lie to security questions, and remember your lies.
View every password reset email with skepticism.
Watch your accounts and account activity.
Diversify passwords, critical services, and security questions.

21. Resources
http://www.social-engineer.org/
https://www.trustedsec.com/social-engineer-toolkit/
http://shop.riftrecon.com/products/art-of-escape