Ethical Hacking: Social Engineering

Pluralsight is not an official partner or accredited training center of EC-Council. This course will teach you about social engineering techniques attackers use to compromise systems, and the tools you can use to fight back.
Course info
Rating: (104)
Level: Beginner
Updated: Feb 4, 2016
Duration: 4h 36m
Table of contents
Humans: The Soft Center Within the Hard Shell
A Walkthrough of a Social Engineering Attack
Reconnaissance and OSINT
Phishing Attacks
Identity Theft and Impersonation
Social Engineering Countermeasures
Description

Security defenses within information systems focus primarily on technology controls; that is, security is implemented within physical appliances and software. These controls are frequently bypassed when the humans themselves are compromised by a social engineering attack. Social engineering involves compromising the individuals that use these systems. Attackers look to exploit weaknesses in human nature and coerce people into performing actions which give the attacker an advantage. In this course, we'll look at various social engineering techniques that can be used to compromise systems. We'll also look at both computer-based and behavior-based tools to help defend against this risk. This course is part of the Ethical Hacking Series. http://blog.pluralsight.com/learning-path-ethical-hacking

About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

Section Introduction Transcripts

A Walkthrough of a Social Engineering Attack
In this module, we're going to start looking at a real live social engineering attack. We're going to take many of the attributes that we observed in the previous module, things like those exploitable human behaviors, and look at how they're actually used in a human-based social engineering attack in a real live scam. Let's look at what we're going to cover in the module. One of the things I touched on briefly in the previous module is that often we see these exploits chained together. So these various social engineering techniques, such as exploiting different weaknesses within humans, we'll see these joined together in order to mount a successful social engineering attack. We're going to see a lot of that in just a moment. Often, these attacks are very carefully honed. The social engineer has practiced it time and time again, and in fact, you'll find it's regularly a repeatable process. They've done it enough times that they know how people might respond, and how they should adapt the attack in order to cater for those various eventualities. Now we can observe these behaviors ourselves, by going back and looking at real-world attacks. And that's exactly what we're going to do in this module. We're going to go through a real-world social engineering attack, one that someone attempted to mount against me. Let's go and have a look at the case study we're going to cover.

Social Engineering Countermeasures
In this module we're going to start to take a look at how we can defend against the threat of social engineering. That means it's time to talk about countermeasures, and we're going to look at a whole bunch of different approaches. Let's go and take a look at what I'll cover in the module. So firstly, when we talk about countermeasures for social engineering, we need to look at both electronic and social countermeasures. So what can we implement at the system level? How can we use technology to defend against this risk? But also, how can we address it socially? So how can we get the people who are the targets of social engineering to be more resilient to the threat? It's important that we look at both options. And as with many things in security, we want to look at defense in depth. Let's make sure we have both of these, electronic and social defenses. Some of the defenses that you're going to see in this module really are just common sense and when you see them you'll probably think that they are pretty obvious. Yet they are defenses against threats that we've looked at throughout this course and threats that do occur in the real world. You'll particularly see what I mean as we get into the section on record destruction. Along with all this, we are going to be looking at the sort of countermeasures that we can build into our systems at the software layer. Not necessarily always to stop social engineering from happening at all, but sometimes to minimize the risk of it or to better enable us to respond when a social engineering attack does occur. That's going to give us a pretty good breadth of defenses that we're going to cover in this module. Let's jump into it and we'll start looking at some of those electronic defenses, particularly defenses in the browser and email clients.