As many of you know, social engineering can prove to be very effective. But a social engineering attack is only as good as the engineer. Every successful hack must be backed by reconnaissance, this even applies to social engineering. This type of reconnaissance is slightly different however, it isn't recon of the machine, but of the user. Recon for social engineering can be done thorough watching the user's activity, seeing what sites they visit, and if they exhibit certain kinds of behavior. These are some of the things we'll be discussing here.
Doing Reconnaissance
For recon, we simply need to watch the user, and to look for signs of certain personality traits. For example, if we're watching a victim's web traffic through a MitM, we can gain a better understanding of the way that user thinks.
Evaluating Behavior
By understanding the user's behavior, we can build a better attack. For example, if a user exhibits erratic behavior, we'll need to build something more eye catching to attract their attention. The best thing to watch for when evaluating behavior is patterns. If you manage to identify enough patterns, you can get a good idea of a person's traits.
Exploiting Vulnerabilities
People are vulnerable, much like the systems they use. If you can identify a person's traits, you can build an attack optimized for them. By doing thorough reconnaissance and evaluating the user's behavior, you can find vulnerabilities in the person.
So, in summary, social engineering can be taken to the next level with the addition of some simple psychology. Learning more types of behaviors will increase your arsenal of exploits.
This is simply an introduction to a much larger topic, there are many different behavior types that have an array of ways to exploit them.
Thank you for reading!
-Defalt
7 Responses
Kudos +1
Great intro to social engineering! It discussed many important key factors.
Tip: Add pictures in your posts, also give examples! It really helps us noobs out! :)
Thanks for posting!
This is awesome. I think there should be more tutorials on social engineering because it is such a viable skill in hacking and in life in general. +1 ;)
Robyn
I agree! Social engineering is a key component in hacking.
One of the weakest links I have found are humans. We are so easily tricked it is crazy. As an aspiring pentester I have spent alot of time refining my social engineering skills
Defalt?! What a name :P Nice steal from watchdogs xD if that is where you got it from... and they didn't steal it from you :P
social engineering is usual started by gathering information out of your targets/clients and than you build start building a rapport with them... slowly exploit their mental/vulnerable flaws in their mind
Very useful, helped a lot, thanks! +1
Share Your Thoughts