Sunday, October 7, 2012

Social Engineering Techniques & Attack Examples

Yesterday I received an Email from one of our reader regarding, "How I can perform social engineering attack?"

While reading books on Social Engineering, I have found few very nice attack methods which I would like to share with you guys. PLS USE AT YOUR OWN RISK.


During a penetration test on the physical security of an organization, if social engineering is used,
the penetration tester directly interacts with the employees. These interactions are usually based on deception and if not done properly can upset the employees, violate their privacy or damage their trust towards the organization, leading to law suits and loss of productivity of the organization.

METHOD-1: Below is step by step method.
This method consists of four different characters

Security officer - an employee responsible for the security of the organization. The security officer orchestrates the penetration test.

Custodian - an employee who owns the assets, sets up and monitors the penetration test.

Penetration tester - This is the person who will perform SOCIAL ENGINEERING ATTACK.

Employee - person in the organization who has none of the roles above.




Below Tricks you can use If you are really hungry.

METHOD-2: You can go into a self-service cafeteria and finish the meal of someone who left a lot on the plate. Self-service restaurants are usually good places to cop things like mustard, ketchup, salt, sugar, toilet paper, silverware and cups for home use. Bring an empty school bag and load up after you've cased the joint. Also, if you can stomach the food, you can use slugs at the automat. Finishing leftovers can be worked in even the fanciest of restaurants. When you are seated at a place where the dishes still remain, chow-down real quick. Then after the waitress hands you the menu, say you have to meet someone outside first, and leave.

METHOD-3: In fancy sit-down restaurants, you can order a large meal and halfway through the main course, take a little dead cockroach or a piece of glass out of your pocket and place it deftly on the plate. Jump up astonished and summon the headwaiter. "Never have I been so insulted. I could have been poisoned" you scream slapping down the napkin. You can refuse to pay and leave, or let the waiter talk you into having a brand new meal on the house for this terrible inconvenience.

NOTE: In all these methods, you should leave a good tip for the waiter or waitress, especially with the roach-in-the-plate gambit. You should try to avoid getting the employees in trouble or screwing them out of a tip.

METHOD-4: One fantastic method of not only getting free food but getting the best available is the following technique that can be used in metropolitan areas. Look in a large magazine shop for gourmet digests and tourist manuals. Swipe one or two and copy down a good name from the masthead inside the cover. Making up a name can also work. Next invest 50/- RS to print business cards with the name of the magazine and the new "associate editor." Call or simply drop into a fancy restaurant, show a copy of the magazine and present the manager with your card. They will insist that the meal be on the house.

In the same manner, you can also perform your attacks.

No comments:

Post a Comment