Every Social Engineering attack is unique, but with a little understanding of the situations encountered, we can draft a rough cycle of all the activities that a Social Engineering project goes through leading to a successful outcome. The figure below shows a general representation of the Social Engineering Life Cycle in four main stages:
Footprinting >> Establishing Trust >> Psychological Manipulation >> Exit
1. Footprinting: It is the technique of accumulating information regarding the target(s) and the surrounding environment. Footprinting can reveal the individuals related to the target with whom the attacker has to establish a relationship, so as to improve the chances of a successful attack.
The information gathered during the Footprinting phase includes, but is not limited to: a list of employee names and phone numbers, the organization chart, department information, and location information. Footprinting generally refers to one of the pre-attack phases: tasks performed prior to doing the actual Social Engineering attack. Tools like Creepy, SET and Maltego make Social Engineering engagements easier.
2. Establishing Trust: Once the possible targets have been listed out, the attacker then moves on to develop a relationship with the target, who is usually an employee or someone working in the business, so as to develop a good rapport with them. The trust that the social engineer is gaining will later be used to unveil confidential pieces of information that could cause severe harm to the business.
3. Psychological Manipulation: In this step, the social engineer manipulates the trust that he has gained in the previous phase so as to extract as much confidential information as possible, or to get sensitive operations related to the target system performed by the employee himself, so as to penetrate the system with much ease. Once all the required sensitive information has been collected, the social engineer may move on to the next target or move towards exploiting the actual system under consideration.
4. The Exit: Now, after all the actual information has been extracted, the Social Engineer has to make a clear exit in such a way as not to draw any kind of unnecessary suspicion to himself. He makes sure not to leave any kind of proof of his visit that could lead to a trace-back to his real identity or link him to the unauthorized entry into the target system in the future.