Monday, February 27, 2012

Social Engineering ~ Definition and Tool

In this post I'll explain the definition of social engineering and the tools used for it. Although it's brief and not detailed, I think it's enough to help you understand Social Engineering better.

Let's talk about vulnerability first.
A vulnerability is a weak point that exists in a system. Vulnerabilities are found not only in the hardware and software, but also in the environment, the network, and the administrator/user. Social Engineering is the technique of attacking the human vulnerability; usually the biggest vulnerability that exists in humans is low security awareness.

People nowadays are too brave: they use short passwords, low network security, old systems, etc. "There is no patch for human stupidity." No vendor or developer develops a patch for human stupidity; it is the humans themselves who must be aware of information security. Social Engineering is the art of deception, which is the best way to exploit the human vulnerability.

What, then, is the tool that helps a pentester perform a nice, well-planned Social Engineering attack? There is a tool called SET (Social Engineering Toolkit).

It is a multi-function, easy-to-use information security tool that helps pentesters prepare and perform the most effective way of exploiting client-side application vulnerabilities. It can also be used to capture a target's confidential information (e.g. username, password). The attack vectors provided by SET, such as Site Cloner, e-mail phishing, Java applet attack, browser-based attacks, and mass-mailer attacks, can, if combined correctly, perform an advanced attack against the human vulnerability.
