Human beings and their vulnerabilities have always been one of the loopholes in IT security. Even though the technology (software, networks and hardware) has hardened, attackers use ordinary people, exploiting their lack of knowledge to get what they want. Tricking people into doing what they are not supposed to do is social engineering.
In 2017, we saw some of the trickiest social engineering attacks in history. Attackers used social engineering techniques that leveraged people's fear of the WannaCry ransomware to send spam mails and perform phishing attacks to harvest user credentials. During another wave, hackers used social engineering to spread KHRAT across Cambodia, an advanced RAT that could act as a keylogger, capture the screen and webcam, record voice, browse files, access a command shell and perform all the other common functions of a RAT. These are just a few.
A phishing attack is a type of social engineering attack in which the attackers try to obtain user data such as login usernames and passwords, card numbers and other personal details by creating a fake login page that looks exactly like the real one. One way of executing this attack is for the attacker to draft an e-mail or SMS that masquerades as a trusted entity, with convincing content and a link to the fake page, and send it to the victims. When the user opens the mail and clicks on the malicious link, he is redirected to the fake page and enters sensitive information. Sometimes, this may lead to devastating results.
A login username and password has been the most widely used method for authenticating and gaining access to personal data. But, as mentioned above, it is still vulnerable to social engineering attacks. So it is always a good idea to add one more level of authentication, proving that it is really the right person who is requesting access to the data.
We could use “something we are”, such as a fingerprint or retina pattern, or “something we have”, like an access control card, a token or a USB key. Two-factor authentication means using any two of the three below.
Two-factor authentication provides much stronger guarantees than using just one of these means of authentication. On most websites, the commonly used 2FA method is a login username and password plus a one-time password (OTP) that is sent to our mobile phone or e-mail. These OTPs expire after a short span of time and cannot be reused. In order to defeat two-factor authentication, we have to do real-time attacks.
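The expiry and single-use properties described above, seen from the server side. This is an added example, not code from the original article or from any tool it mentions; the names OtpStore and OTP_TTL_SECONDS, the 120-second window and the three-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 120  # assumed validity window; real sites choose their own


class OtpStore:
    """Server-side one-time passwords: short-lived and single-use."""

    def __init__(self, ttl=OTP_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be tested
        self._pending = {}       # username -> (code, expires_at, tries_left)

    def issue(self, username):
        """Create a fresh 6-digit code; an earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[username] = (code, self._clock() + self._ttl, 3)
        return code              # a real site would send this by SMS or e-mail

    def verify(self, username, submitted):
        """Return 'ok', 'expired', 'wrong' or 'no_code'."""
        entry = self._pending.get(username)
        if entry is None:
            return "no_code"
        code, expires_at, tries_left = entry
        if self._clock() > expires_at:
            del self._pending[username]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]   # single use: a replay finds nothing
            return "ok"
        if tries_left <= 1:
            del self._pending[username]   # limit guessing of the 6-digit space
        else:
            self._pending[username] = (code, expires_at, tries_left - 1)
        return "wrong"
```

Note that verify() only checks that the right code arrives inside the window; it cannot tell where the code was typed, which is why the only attacks left against this scheme are real-time ones.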
FireEye has come up with a new tool, named ReelPhish, that enables us to do real-time social engineering assessments. This tool works in 4 steps.
All the communication takes place over a secure SSH channel.
The tool is available on GitHub. You can download it by clicking the button below.
Now you will have to install Selenium and the other dependencies. To do that, go inside the folder and run
pip install -r requirements.txt
Now the last thing to do is download and set up the driver for your browser.