Posts tagged Social Engineering

1 min Metasploit

Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Thanks to the many CISOs and security engineers who attended our recent webcast, in which I presented some practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this presentation focuses on leveraging Metasploit for ongoing security assessments that can be achieved with a small security team to reduce the risk of a data breach. This webcast is now available for on-

2 min Metasploit

Man on the SecurityStreet - Day 2 Continued.

It's your favorite reporter in the field, Patrick Hellen, reporting back with some more updates from our speaking tracks at the UNITED Summit. Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive - Proactive Measures in Security your Company. Just like HD's earlier presentation, we had our staff artist plot out the entire speech, which you can see attached below. When I say entertaining, the previous talk track was a debate session that Dave

1 min Exploits

Man on the SecurityStreet - UNITED Day 1.

Hello from San Francisco, home of the 2012 UNITED Summit. It's been an incredibly full day. I'm writing this quick update from an excellent presentation that nex of Cuckoo Sandbox fame is giving about threat modelling. According to Claudio's research, only 103 of the almost 50,000 odd vulnerabilities in NVD's vulnerability database are actually being exploited in crimeware kits like BlackHole. Claudio identified MS Office as the most exploited piece of

3 min Metasploit

SOC Monkey - Week in Review - 8.20.12

Monkeynauts, Welcome back to your weekly round up of the best bits from my App that you should be downloading from the Apple App Store. This week, let's dive right into the most clicked story from last week with an update on how Mat Honan is dealing with life post hack: How I Got My Digital Life Back Again After An Epic Hacking.

4 min Networking

SOC Monkey - Week in Review - 8.13.12

Welcome back Monkeynauts, It's Monday, so that means I'm going to tell you to download my App, from the Apple App Store, before launching into the top stories the Pips found interesting last week. Let's take a look, shall we? Let's start this week with something that might hit close to home for several of you, including your favorite Monkey twitter aggregate: Blizzard's B

4 min Networking

SOC Monkey - Week in Review - 8.6.12

Monkeynauts, It's good to have you back. If this is your first time here, feel free to check out where I'm getting all my stories by downloading my App from the Apple App Store. Let's take a quick trip back to some of the big news from earlier this summer, and discuss LinkedIn again: LinkedIn: Breach Cost Up to $1M, Says $2-3 Million in Security Upgrades Coming. [http://w

3 min Compliance

SOC Monkey Week In Review - 7.23.12

Hello my Monkeyreaders - and welcome back to another edition of the ongoing misadventures of the InfoSec world, as told through my Free App, available as always in the Apple App Store. I figured I'd start off the week with a story that reminds me of all the Breach stories from my last Review: Eight Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months A

2 min Penetration Testing

SOC Monkey Week in Review - 6.1.12

Dearest Monkeynauts, As always, I'm back on Friday to give you the biggest news items the Pips have sent out this week via my free app, available in the Apple App store. Download now! I'm sure none of you are surprised to see that our biggest topic is currently Flame. My feeds started to explode earlier this week when Wire

2 min Compliance

SOC Monkey - Week in Review 5.25.12

It's SOC Monkey, coming to you on May 25th, otherwise known as Geek Pride Day. Unrelated, sure, but not something my Monkeynauts should be unaware of. Also, they should be aware of my iPhone App, still free to download from the Apple App Store. First, let's start with a big company from the beginning of the Internet: Yahoo Axis

3 min Networking

SOC Monkey Week In Review 5.11.12

Monkeynauts! I have returned, and I bring free gifts from the Apple App Store - my SOC Monkey App that you should be downloading as I type. First up, I've got a great story from the always wonderful Wired, about just how ubiquitous being attacked really is these days: Everyone Has Been Hacked. Now What?

2 min Patch Tuesday

Microsoft Security Bulletin Summary for February 2012

In the Microsoft Security Bulletin Summary for February 2012, Microsoft released nine bulletins to address 20 vulnerabilities. Instead of love on Valentine's day, organizations may have fear pumping through their hearts when you couple the recent news of several high profile breaches with Patch Tuesday. There are four bulletins rated “critical” and they will likely affect all organizations. The critical bulletins are MS12-008, MS12-010, MS12-013, and MS12-016 which are all related to browsers a

3 min Metasploit

How to Fly Under the Radar of AV and IPS with Metasploit's Stealth Features

When conducting a penetration testing assignment, one objective may be to get into the network without tripping any of the alarms, such as IDS/IPS or anti-virus. Enterprises typically add this to the requirements to test if their defenses are good enough to detect an advanced attacker. Here's how you can make sure you can sneak in and out without "getting caught". Scan speed First of all, bear in mind that you'll want to slow down your initial network scan so you don't raise suspicion by crea

1 min Metasploit

Bait the hook: How to write good phishing emails for social engineering

What are the baits that make people click on a link or attachment in a social engineering email? I've looked at some common examples and tried to categorize them. Maybe this list will trigger some ideas next time you're writing social engineering emails. Habits: Think of this as exploiting the brain's auto-pilot - standard email triggers standard response of opening attachment or clicking on link: * LinkedIn connection requests * GoToMeeting invitations * Daily reports from a CRM/ERP sys

1 min Penetration Testing

Using the <base> tag to clone a web page for social engineering attacks

Social engineering campaigns can be a lot more effective if you can impersonate a well-known website that users trust. However, when you simply clone a website by cutting-and-pasting the page source and putting it on your own server, your links will stop working. Copying all links and images from the other site can be cumbersome, but there's an alternative: the HTML <base> tag. It specifies a default address/target for all links on a page; it is inserted into the head element. Let's say you've

2 min Networking

Is Cyber Espionage Cheating?

There is a great quote attributed many times to baseball legend Mark Grace: "If you aren't cheating, then you aren't trying hard enough." This resonates well with me in the current global market where everyone is playing by new rules. It seems like even though many Americans value concepts such as intellectual property, trade secrets, and competitive advantages, they don't consider the value other countries place on them too, and they don't take the necessary steps to protect their valuable