28c3 version of "the engineering part of social engineering"

The engineering part of social engineering or why just lying your way in don't get you anywhere. aluc#

Upload: thealuc

Post on 13-Jul-2015


I’m Aluc

I’m an old hacker who loves the blood of your network

Preface:

What is Social Engineering?

*Social: (adjective 1 relating to society, its organization, or hierarchy. 2 needing companionship; suited to living in communities.)

*Engineering: (the branch of science and technology concerned with the design, building, and use of engines, machines, and structures.)

*Taken from Oxford Dictionary... And then from Chris Nickerson ;)

Needed Skillset:

- Physical
- Logical

Customer Preparation

- theoretical models of attack
- check the customer needs by his business
- Contract - good fences make good neighbours!

Needed physical/psychical Skillset:

- understanding of craftsmanship
  - ideally, life experience as an electrician, telephone cable guy or computer mechanic
- lock picking in hostile environment
- Physical Security
- good rhetoric
- understanding of the person you approach
- an understanding of human psychology
- Neuro-Linguistic Programming (NLP)
  - ideally, hypnosis

Everyone talks about NLP, what is this?

NLP is a communications model created in the early 70’s by John Grinder, David Gordon and Richard Bandler. Their work is based on analyses of the work of the therapists Fritz Perls, Virginia Satir and Milton H. Erickson.

The N stands for the flow of Neurologic processes in the human brain

The L stands for Linguistic, which is our capability to speak

The P stands for Programming, which means the change of the “inner program” of a human

The Modeling:

“Modeling is the process of creating useful maps of human experiences. (abilities)” --David Gordon

In this process you want to find out how your brain operates by analyzing the pattern of verbal and nonverbal communication. The outcome can be used for step by step guides to transfer skills from one person to another.

Example: “Drawing on the Right Side of the Brain” --Betty Edwards

Example: An 8 year old girl with Tourette's "copied" the cover of the Junie B. Jones book as part of a book report.

http://thelastpsychiatrist.com/2011/10/how_to_draw_not_about_how_to_d.html


Why Modeling:

Practical: correct problems and add abilities

Evolutionary: Perceiving structure and systems

Spiritual: open to the beauty of structure, preciousness of each person

Experiential Array:

Array and Graphic by David Gordon

Understanding keywords and difference between attributes and states:

A human's brain can process about 100 trillion teraflops

Your sensors receive 10,000 bits/s

Of these 10,000 bits, about 40 are processed

This causes us to “make up” our very own version of this world.

How do we use this:

- listen in conversations to keywords like “stress” “freedom” “love” etc
- find out the person's actual internal state vs perceived internal state
- pay attention to micro expressions
- understand the difference between a state and an attribute: “he feels” vs “he has”

Convert Attributes into States:

- try to generate and feel states for yourself
- try to generate states from other people by using the “right” words
- find out when these states are appropriate
- find the right timing to use these states

Don’t forget: of the n million bit/s of messages you take in, you can only deal with ±7 at one time

Cold Reading / What is your first impression?

- Clothes - Uniform type
- Body type
- Gender/Age
- Ethnicity
- Manners/Discipline
- Physical Markings
- Smell
- Teeth
- Hands
- Interaction

Micro Expressions:

Based on the system which Dr. Friesen developed, we can distinguish about 1000 unique facial expressions, which are exposed by the neurological connection between the emotions and the 43 muscles we have in the face. This can be used to find out if a person lies to you. One should not underestimate what you can see in the eyes. With a bit of training you can see if a person sees a video picture in the "mind's eye" (visual), is listening to an internal recording (auditory), or is concentrating on feelings (kinaesthetic).

Micro Expressions: some charts from Dr. Lightman:

Intelligence Gathering before 1st customer meeting:

- Internet search:
  - Maltego
  - GOOGLE!/LINKEDIN
  - theHarvester
  - BundesAnzeiger
  - http://www.onstrat.com/osint/
  - whois
  - Social Media
- Physical Recon:
  - visit the place, i.e. as customer
  - building
  - video surveillance
  - entry systems
  - security/alarm systems

Meet the Client:

- find out what his business is
- find out about the company's hierarchy
- customer relations
- vendor relations

Threat Modeling:

- assets (resources which can become targets)
- threats
- vulnerabilities
- attacks
- countermeasures

1. identify the security objectives
2. get an application overview
3. decompose the architecture
4. identify threats
5. identify vulnerabilities

Threat Modeling:

STRIDE Model

- Spoofing Identity
- Tampering with Data
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

Threat Modeling:

DREAD Model

- Damage Potential
- Reproducibility
- Exploitability
- Affected Users
- Discoverability

Threat Modeling:

The Assessment:

- Storyboard
- Team
- Insertion point
- Rally point
- Hideout
- Infiltration
- Find & fetch the data
- Exfiltrate the data
- Passive/Active compromise
- Backup plan
- Writing report
- Business impact analyses
- Customer meeting
- Customer trainings

Infiltration:

- tailgating / piggybacking
- steal fingerprints
- use of RFID skimmer
- Copy entry badges, i.e. with a Proxmark III
- Car key skimmer
- drop 32GB USB key
- pick locks
- entry as vendor
- entry as client

Example Infiltration Hardware:

Finding and fetching data:

- Printer
- Spearphishing
- Dumpster diving
- 0x41414141
- Keylogger
- l0phtcrack

Exfiltrate Data:

- USB key
- printout in trash
- over the net
- Photo
- GSM
- Noise, i.e. http://cs.tau.ac.il/~tromer/acoustic/

Active Compromise:

- Alarm system
- Video surveillance
- Employee/Guard/Dog
- IDS/IPS

Passive Compromise:

- Employee has a hunch but can't grab it
- Admin/User changes password
- Your machine loses network

Thx for listening! See/hear me at: http://youtube.com/theAluc ...I guess