Monday, April 2, 2012

Social engineering- The art of human hacking


you might be confused that why this thing is here right ? social engineering is also a type of hacking with humans. so i thought lets do something new!!


the official portal of social engineering defines it like this.....

Social Engineering (SE) is both incredibly complex and amazingly simple.
What really is social engineering? We define  it as the act of manipulating a person to accomplish goals that may or may not be in the “target’s” best interest. This may include obtaining information, gaining access, or getting the target to take certain action.

Due to the mystery surrounding this dark art many people are afraid of it, or they feel they will never be able to accomplish a successful social engineering test. However, every time you try to get someone to do something that is in your interest, you are engaging in social engineering. From children trying to get a toy from their parents to adults trying to land a job or score the big promotion, all of it is a form of social engineering.
so why i am posting this is because you can try something new and interesting thing and i am also personally interested in this method of hacking. So how you can start Social engineering
it totally depends on your mind power and observation  power . you need to think how humans behave in what type of situation for eg in a bomb blast every body wants safety people think that they are insecure ? so a good social engineer will try to feel people that they are secure like winning trust on people and they think that he cares about US or me, remember social engineering is not like cheating people or frauding them in traps etc.its just for educational knowledge
think of a salesmen or a TV advertisements they are perfect examples of social engineering on people to sell their products,
Wikipedia defines it like this
" it is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim." Although it has been given a bad name by the plethora of "free pizza", "free coffee", and "how to pick up chicks" sites, aspects social engineering actually touches on many parts of daily life. Many consider social engineering to be the greatest risk to security "
So sometimes it become more easy with Facebook ..HOW??
consider a scenario where a girl is chatting with a boy (a classic example where girl is thought to be SEr)
so from starting if the girl didnt knew the boy in real life then the boy is surely going to do some flirt (for common people) and the girl gets most common and basic details by using some special word etc(you know that)
so what are we talking here
basically what i think SE is like telling some one that hey i am here for you..
mostly strangers need more time than known ones to get SEd,
mostly sometimes its like feeling of commonness for eg a person from india has went to london or america or some where else and some person from india meets him and asks are you indian he says yeah i am indian and nice to meet you and so on...
another example
like someone who meets a guitarist or a singer and says i am also a guitarist or something else so they feel more power-full as they have same type of hobbies
other thing i learned from (Ashish mistry he is a grest SE and IT security specialist )that SEers that they learn your local language to become more closer to you.
if you want to do more research on it then  visit this sites will post more after some time.
and like fingerprinting you should have good background information about victim. and yeah kevin mitnik was considerd one of the best social engineer of his time
1st hope number 6
2nd social-engineer
3rd its about how humans behave and react  2knowmyself

0 comments:

Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More