Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
1 hour 41 minutes
Hey, guys, welcome back to the cyber kilt. In course of savage Ready, This is after running name and today's episode we're going to cover
So we went through the constance. We gathered as much information as we can, and I know I bored you with this. However, reconnaissance is an extremely important phase. We're going to use the information that we learned from reconnaissance and delivery because we want to create a successful social engineering attack
or if we're going to use an open FTP. That's something that we would have learned about
doing reconnaissance. A new organization we covered,
creating the payload using Unicorn Enemy destroyed. And now we move to delivery.
So in delivery, our goal is to send the malicious payload that we created
to the victim's side. This can be in multiple ways. The 1st 1 is open. Service is if you're lucky enough
and the company or the target that you're trying to attack has an open service. That would be
a lot easier because
you can deliver the payload through that open service so that say they have an open FTP port, allows anonymous connection and give you some privileges you can go ahead and deliver the
A payload using that open service.
The other one is social engineering and social engineering is extremely popular
and might be, ah,
one of the most skills or one of the most tools used to be able to deliver a payload, or
at least fish. Some information back from the
ah tak it roar from the target. I'm sorry the last thing is over. The last method is can be physical. As we said, attacks are no only technical, they can be physical,
and that's something that I've seen before. A USB is dropped in the parking lot or in the lobby or something like that. It would have something like
a tag that says
Compensation 2019 or something like that. Ah, lot of people would find this interesting and
to the work
Andi, I can. Then the payload in the USB will ah
be delivered to the network using that
Yes, yes, the connection or the user
that is not really vigilant. That connected that you speak to the work work station
and there is a lot of popular or extremely popular examples of something like this happening so in today's episode we're going to cover is the social engine torque it, and it's a fairly simple tool. We're not actually doing a We're not actually sending the e mail or something, but we're going to go
through the social engine torque it. I'm going to leave.
A link to some of the resource is that has to do a social dealing took it.
It comes a built in and Callie Lennox, So you just have
and it's one of the easiest tools that you will ever
So that's the social engineering tool. Kit
was created by a trusted sec, which is the same Ah,
guys that created
It gives you a number of off, ah,
So the 1st 1 is a social drinker attack. We're gonna get into it in a minute. There's penetration testing. This is not
usually used a lot
for penetration testing. They have a number of third party models,
you can update and so on hold because I got the, uh,
calendar. It's built in
Ah, social drink. Took it. I can. When I travel, I obeyed my calendar. Next, this is automatically updated with it on. Obviously, I did not need to do my homework. I did not upgrade Michael Alex in a while.
So let's go into social engineering. Get tax
and again. As I said, this is fairly simple tool. You can't play spear phishing attacks from here.
Basically, you can't form a mass email attack. You can create a file format attack assertion, gene template
and then we go back website Attack Victor's. And that's extremely popular as well, where you create a website that has a payload and then use another tool with a decision. Took it to send an email. Ah, that has a forced Oh, a false link that would send
the victim to one. Do the work site that you created.
Ah, there's a lot of ah
off features here. Mass A. Miller is one of them. You can create
a a mass email attack. Not going to do that.
So let's go back or sang a single human as well.
Ah, there is also a semi us spoofing, but you need a web service to do that. Obviously. Well, access point is another one. If you if the attacker is doing a physical attack. Hey, can proof a wells Ah, access point using the stool and then, uh,
maybe one off the employees within the company with connectors.
Oh, the target. I'm sorry. I'm assuming it's a company. And the target would, uh,
would, uh, connect to his access point on the rogue access point
on dhe. The attacker will be able to deliver
the payload that way.
that's the source Engine took it. As I said, I'm going to leave a number of documents.
Uh, an hour in the resource is page. That would go. Moreover, search engine torque it on the capabilities off. Social engineer took it.
what is the purpose of the delivery faves?
So the delivery, what we do in the delivery fee is our main purpose or goal of the delivery place is to deliver our payload to the other side to the target off
There are multiple ways of doing it. It can be using all the service's social engineering or even physical
through our force. Reconnaissance faces normally not used during the delivery face.
And as you noticed,
in delivery and in weaponization. I've talked about a lot about reconnaissance
because if he did collect reconnaissance, you will know what kind of interest do the system admin has? What kind of interest is the CEO has with CFO as, and then you can create
a fairly successful social engineering attack or campaign that would trick them into hopping. You deliver your payload.
Finally, social gene can only be used to get the FTP servers passwords in order to upload the payload.
So that's one way to use social engineering is, Ah,
get them to put in the reason and create a website using social engineering toolkit. Clue No upside that looks like that FTP server and let them put him there using the password. Then use this username and password. Don't directly P server. However, that's not the only way out there.
As I said, social dealing, you can,
uh, let them click on the link. The link would send them to a a page or a fake page that would automatically download orders told your payload on their machines.
So in today's episode, we covered delivery pays on. We talked a little bit about destruction. Janine took it. In the next episode, we go to exploitation on installation. The next episode is where the hacking begin.
See you then