First of all, what is social engineering? Social engineering is the art of deception used to harvest information from people, exploiting human weakness in order to gain that information. In the hacking cycle, social engineering is an optional step: it does not have to be done in order to hack into a system. Even though it is optional, social engineering is very important, because it can give the hacker an easier way in, and when every other step in the hacking cycle fails, it may be the last option for hacking the system.
Here are the top 5 social engineering exploits that can be used:
1) Familiarity Exploit - Making yourself familiar to those you want to exploit so that they lower their guard. In psychology, people react differently to other people according to how close they are to them. You can get closer to your target by making yourself familiar to them, for example by increasing the number of encounters and sharing the same interests. The most important thing is not to create a mindset of "Who is that and why is he here?".
2) Creating a Hostile Situation - A hostile situation is one in which the atmosphere is tense, for example because of anger. This situation can be easily created or faked with a simple technique: when you are on a phone call with your target, you fake a tense fight with someone else while still on the phone. By basic psychology, people do not like anger and will try to get rid of it, so people tend to follow your orders when you are mad. Use this chance to exploit your target.
3) Gathering and Using Information - Gather as much information as possible about your target. The more information you have about your target, the more likely your social engineering is to work. There are many ways to gather information, such as online sites (Facebook, LinkedIn, etc.), the target's workplace, and asking the target's friends or colleagues.
4) Get a Job at Your Target's Workplace - If the payment for the penetration job is worth it, just get a job there. Most small to medium-sized companies will not do any background check on you, so you can easily get a job there without being afraid of your identity being compromised. Once inside, you can work your way up to earn their trust so you can get access to sensitive information. Once you get the information, it won't be hard for you to exploit it.
5) Reading Body Language - To be able to read body language, you may need advanced knowledge of psychology, but it is worth it. The basic idea is to make your target as comfortable as possible. When people are comfortable, they talk more easily and feel more eager to help you without questioning your motives. By making them comfortable, you can basically extract information from them.
With these techniques, someday you may be the initiator of social engineering, or you may be its target. With this in mind, be careful about what information you share, and do not give any information to people who are not authorised to know it.