A Beginner's Guide to Social Engineering
by MrBr - November 15, 2019 at 11:46 PM
#1
Social Engineering

Suggested Reading: "Social Engineering: The Art of Human Hacking" 1st Edition
by Christopher Hadnagy

What is it?
The goal of an engineer is to provide a creative solution to a problem. Similarly, the goal of a social engineer is to create a desired solution for a problem in the social setting. You're just using your words to manipulate/influence/deceive somebody.

What's the point?
The strongest chain is still restrained by the weakest link. If you exploit that weak link, you break the chain and get access to what you wanted. Humans are the weak link, and trust is the exploit. I'm keeping this vague for the purpose that there is no limit to what you can achieve with social engineering. You could sell stolen goods to a cop, you could win over a friend, or become the best damn politician there is. For this reason, social engineering is one of the most powerful forms of hacking.
-------------------------------------------------------------------------------------------
How is it done?
There's too many methods to list them all (many, many more then would appear on google), but I will give a few examples. To give you a general idea of how it's performed, keep one subject in mind; manipulation. Almost any manipulative act that gives you power over another individual could be considered social engineering. To do this easily, one would put themselves in the mind of the person being manipulated. You must be able to profile the person, predict their thoughts, and guess their interests.

Example 1: Gaslighting
This is a method used to make somebody question their own sanity. You begin by telling blatant lies. This will "hack" the person, and make them wonder if what you're saying is true. After this, you deny everything the other person is says, even if they have proof. They will naturally fight you on most things. So break down the argument, and attack what's close to their heart to "win". Gradually, they will begin to believe some of the lies being told.

Example 2: Doublespeak
In your English 101 class, you might've learned about the words denotation and connotation. Denotation is a literal meaning of a word. Connotation are the feelings invoked by the word. Doublespeak builds off this concept. By using the right words, to invoke the right feelings, and persuade somebody to accept what you're saying as the truth. Which sounds more hurtful? "Your mother passed away in her bed last night..." or "Your mother died in her bed last night..."

Example 3: Phishing
I'm certain you've received a fake email, trying to get you to click a link, at some point in your life. The act of making this email, and using whatever tricks necessary to get you to click the link, is called phishing. These emails can look completely legitimate and appear to come from the senders email address. But the text can be copied, and a sending address can be spoofed. Don't click on an email, unless you're expecting one from somebody.

Example 4: Exploiting Human Curiosity
Many of us are on this forum to learn, a subset of curiosity. You might've went through countless E-Books, tutorials, and mentor ships to learn the methods you know. Sometimes, the people sharing this information will have malicious intent. You need to know where the information is coming from, and if they're reputable. One might put malware on a USB and leave it somewhere. Another might give you a free e-book and bind it with malware. Or you might be tempted to visit a website that steals personal/confidential information. Always be cautious, and check out the person sharing the information.
-------------------------------------------------------------------------------------------
General Prevention Techniques
-------------------------------------------------------------------------------------------
* "Trust me, trust nobody." -STEVEN J.J. WEISMAN *
* Learn to say "No" and standby it *
* Do not follow links from an unknown source *
* Monitor your accounts to catch suspicious transactions *
* Use websites with a HTTPS protocol *
* Reveal very few details about yourself on social media *
Reply
#2
Yet again, another helpful tutorial by you! Ngl you're one smart dude.
Reply
#3
really enjoyed your post wish there where more comments and content about this subject out there.
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
COMPLETE SOCIAL ENGINEERING COURSE BEST FOR SPAMMING 2020 pehservice007 461 43,450 Yesterday at 06:16 AM
Last Post: GateKeeper
JACK A DISCORD ACCOUNT WITH BASIC SOCIAL ENGINEERING (NOT TOKEN GRABBING) EternalExploit 211 28,534 November 27, 2021 at 08:25 PM
Last Post: 500
needing assistance (SE'ING/SOCIAL ENGINEERING, AMAZON). enough 0 245 November 13, 2021 at 10:43 AM
Last Post: enough

 Users browsing this thread: 1 Guest(s)