SOCIAL ENGINEERING

What kind of Engineering is this ?

Social engineering is the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim. This also refers to Reverse Engineering.

Phishing:

Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate bank or credit card company, requesting verification of information and warning of some dire consequence if it is not provided.

The e-mail usually contains a link to a fraudulent web page that seems legitimate with company logos and content and has a form requesting everything from a home address to an ATM card's PIN. 



  


Pretexting:

This technique can be used to trick a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from junior company service representatives.

A high profile case of pretexting occurred in 2006 in which HP hired private investigators to investigate a large leak of confidential information. The private investigators impersonated HP board members and several journalists in attempts to gain call records and other personal information.

 
Vishing:

Vishing or Phone Phishing is the criminal practice of using social engineering over the telephone system, most often using features facilitated by Voice over IP (VoIP), to gain access to private personal and financial information from the public for the purpose of financial reward.

This technique uses a rogue Interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system.

 
Baiting:

Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim.
In this attack, the attacker leaves a malware infected floppy disk, CD ROM, or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device.

 

Notable Social Engineers:

Kevin David Mitnick (born August 6, 1963) is a computer security consultant and author. In the late 20th century, he was convicted of various computer- and communications-related crimes. At the time of his arrest, he was the most-wanted computer criminal in the United States.

He popularized the term social engineering, pointing out that it is much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.

Films on Social Engg:

Catch Me If You Can is a 2002 American biopic-crime film based on the life of Frank Abagnale Jr., who, before his 19th birthday, successfully conned millions of dollars by posing as a Pan American World Airways pilot, a Georgia doctor and Louisiana attorney and parish prosecutor.

His primary crime was cheque forgery, becoming so skillful that the FBI eventually turned to him for help in catching other cheque forgers.

 
Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

RAT

• What is a RAT?

A Remote Administration Tool (known more commonly on the Internet as a RAT) is used to remotely connect and manage a single or multiple computers with a variety of tools, such as:

1. Screen/camera capture or control
2. File management (download/upload/execute/etc.)
3. Shell control (usually piped from command prompt)
4. Computer control (power off/on/log off)
5. Registry management (query/add/delete/modify)
6. Other product-specific function

It has many purposes, most importantly the power to gain access remotely to another user's PC.

• Virtual Network Computing:

VNC is remote control software which allows you to view and fully interact with one computer desktop (the "VNC server") using a simple program (the "VNC viewer") on another computer desktop anywhere on the Internet. The two computers don't even have to be the same type, so for example you can use VNC to view a Windows Vista desktop at the office on a Linux or Mac computer at home. For ultimate simplicity, there is even a Java viewer, so that any desktop can be controlled remotely from within a browser without having to install software.

A VNC system consists of a client, a server, and a communication protocol.

• The VNC server is the program on the machine that shares its screen. The server passively allows the client to take control of it.
• The VNC client (or viewer) is the program that watches, controls, and interacts with the server. The client controls the server.
• The VNC protocol (RFB) is very simple, based on one graphic primitive from server to client ("Put a rectangle of pixel data at the specified X,Y position") and event messages from client to server.

• VNC Applications:

VNC has a wide range of applications including system administration, IT support and helpdesks. It can also be used to support the mobile user, both for hot desking within the enterprise and also to provide remote access at home, or on the road. The system allows several connections to the same desktop, providing an invaluable tool for collaborative or shared working in the workplace or classroom. Computer support within the geographically spread family is an ever popular use.

For the individual user, one common scenario is using VNC to help troubleshoot the computer of a distant less-technically-savvy relative. A very common business application of VNC is in remote system administration, where it is used to allow administrators to take control of employee machines to diagnose and fix problems, or to access and administer server machines without making a trip to the console.

VNC is widely used in educational contexts, for example to allow a distributed group of students simultaneously to view a computer screen being manipulated by an instructor, or to allow the instructor to take control of the students' computers to provide assistance.

Download: Click HERE to download a copy of TightVNC.



Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...

KEY LOGGER

• What is Key Logger?

Keystroke Logger or Key Logger is an application for tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.

• Software-based keyloggers:

Keylogger surveillance software has the capability to record keystroke/captures Screen Shots and save it to a log file (usually encrypted) for future use. Captures every key pressed on the computer viewed by the unauthorized user. Key logger software can record instant messages, e-mail and any information you type at any time on your keyboard. The log file created by the key logger can then be saved to a specific location or mailed to the concerned person. The software will also record any e-mail address you use and Website URLs visited by you.

• Why you need Key Logger?

Have you ever questioned what your spouse, kids or employees have been doing on the computer? Is your child misusing the internet facility and taking secret chat with the stranger? Are your employees mailing your business data to your competitors? If you wonder how to tackle these serious issues, you need our key logger software.

The key logger product allows you to secretly monitor and record user's activities and captures Screen shots on the computer PCs. With this software, you will be able to see exactly what people have been doing online and offline, including e-mails, websites visited, applications executed, and keystrokes including username-password, online conversations (G-mail, MSN, Hotmail, Yahoo Messenger etc.) and other similar activities. This tool can run in a stealth mode and is password protected, so no one except you is aware of their existence and the password safeguards other people from uninstalling it.

• Key Logger features:

1. Key Stroke Recording:

Record all typed keystrokes by the users on computer!

2. Hidden Installation:

Users can not detect about the key logger installation on the computer!

3. Stealth Mode:

Key Logger will not appear on the Desktop, Add/Remove Programs, Control panel and even hidden in installation path folders.

4. Screen-Shot Monitoring:

Facilitate to capture entire screen snap-shots periodically so that you can see what was being displayed on computer screen in your absence when other user was working on your machine.

5. Email Log and FTP settings:

Allows receiving log files through email feature or can upload logs via FTP server settings even if you are thousand miles away.

6. Password Protected:

The keylogger software is password protected and prevents the unauthorized users to change its configuration setting.

• Hardware-based keyloggers:

Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.


Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector.

A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine.

Download: I've tested approx 50 Keyloggers... I found KIDLOGGER which works fine and is fully undetectable by any Anti-virus software...

• Protection :

1. Check the Task Manager. Examine all the Applications, Processes & Services running.

2. Use the system configuration utility (msconfig) to determine which task are loaded at start-up.

3. Install a good anti-spyware program in your system like SUPERAntiSpyware and scan your system regularly.

4. KeyScrambler is a program which encrypts your keystrokes to defeat known and unknown keyloggers.

Download: Click here to download KeyScrambler.



Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...