Social Engineering

The assessment-execution phase is followed by the analysis & reporting. Defendza performs analysis on the testing output, evaluates the risk impact and likelihood of exploitation in realistic scenarios before providing action plans to remediate the identified risks. All our reports address business as well as the technical audience with supporting raw data, including mitigation measures at strategic and tactical levels. 

Email addresses are harvested from the internet using special scripts to look for target domains.

Based on the naming notation, personnel names are searched from online sources that are then used to create email addresses. This is one of the techniques used as a preparatory step for phishing campaigns.

In this phase, we obtain details about the organisation and their staff using various online sources. This includes (and is not limited to)

• Use of multiple search engines such as Censys, Shodan, Google, Wayback machine, archives and cached search results. 
• Job postings on the corporate website as well as on job networks.
• Infrastructure Reconnaissance - Information such as network blocks, infrastructure components, websites, networks & DNS is collected from online sources.
• WhoIS, Domain Search Results such as registrant information, domain squatting.
• Review threat intelligence feeds related to the network blocks obtained.
• Web archive / time machine to obtain data posted in the past on the corporate website.
• Obtain data from past compromises, postings on Pastebin and GitHub.

From email address and social media websites like LinkedIn, details about the staff would be obtained. This would include -

• Employee full names, job roles, as well as the software they use.
• Obtain details about personal and corporate blogs
• Identify all social networks used by the target user or company.
• Obtain employee email addresses, telephone extension / mobile number details, personal interests from social media sites like Instagram, Twitter.

Vishing involves phishing using the phone. The phisher calls an unsuspecting victim over the phone pretending to be a worker of a supplier, support helpdesk or even from the bank, to collect personal information. 

Unlike email phishing, for Smishing, the attack vector is a phone number. The phisher pretends to act on behalf of a trusted or legitimate company and sends an SMS to the unsuspecting victim. This could be a genuine sounding reason that needs immediate attention like e.g..., announcing that they have won a prize or offering them to participate in a raffle or context. 

Email phishing is one of the easiest types of phishing and is used to trick unsuspecting users into giving information without their knowledge. This phishing can be launched in several different ways:

• Sending an email through a familiar name like from a well known Support used by their company or vendor,
• Sending an email impersonating their superiors requesting for an immediate response with sensitive data. Just by seeing the superior's name and the urgency of action, some users may click on the link. And finally,
• Impersonating the identity of an organization and asking employees to share internal data.

Based on the response received from the reconnaissance phase, the target list is prioritised. The priority would be based on "low-hanging" fruit that could aid in gaining a foothold within the network trivially. 

The first step of reconnaissance activity includes passively identifying the hosts and services visible on the Internet. This includes limited Open Source Intelligence phase. During red teaming or related offensive security projects, this exercise involves extensive information gathering about a customer's people, processes and technology in use. Research based threat intelligence is an integral part of any offensive exercise.

Overall, the aim of this phase aims to harvest as much information as possible about your organisation that would be used for later phases.