Virtual Labs: Sniffing & Social Engineering

  Consider what you have learned so far about Sniffing and Social Engineering as you review the objectives and scenario below. Complete the lab that follows on EC-Council's website using the link below. Objective Social engineering is the art of convincing people to reveal confidential information. Social engineers depend on the fact that people know certain valuable information yet are generally careless in protecting it. The objective of this lab is to: Detect phishing sites Protect the network from phishing attacks Perform Credential Harvesting Perform security assessment on a machine using a payload generated by SET Scenario Social engineering is the art of convincing people to reveal sensitive information in order to perform some malicious action. Organizations fall victim to social engineering tricks despite having security policies and best security solutions in place, as social engineering targets people’s weaknesses or good nature. Reconnaissance and social engineering is generally an essential component of any information security attack. Cybercriminals are increasingly utilizing social engineering techniques to exploit the most vulnerable link in information system security: employees. Social engineering can take many forms, including phishing emails, fake sites, and impersonation. McAfee's new “Hacking the Human Operating System” whitepaper focuses on the use of social engineering to attack home and business users and finds once again that people are the weakest link. The McAfee report points out that there are many organizations who develop and deliver user awareness programs into their business areas, but the effectiveness of such programs varies, and in some identified cases, even after the security training has been delivered, it has done very little to educate their end-users with any valued security awareness to mitigate the threat of the social engineering attack. It is essential for you as an expert Ethical Hacker and Penetration Tester, to assess the preparedness of your organization or the target of evaluation against the social engineering attacks. Though social engineering primarily requires soft skills, the labs in this module demonstrate some techniques that facilitate or automate certain facets of social engineering attacks.