1 hour 1 minute
Hey, everyone, welcome back to the course. So in the last video, we wrapped up our lecture discussion on social engineering.
In this video, we're gonna go ahead into our first lap. So in this lab, we're gonna take a look at a fake social media profile. But what we're gonna do is we're gonna answer some questions as we come. Pickler Profile.
Now, in the next video, we're gonna use a fake profile that I've created sort of in the real world, but in for this particular lab when he was a cyber lab environment. Now, if you don't have access access to that, you just want to go ahead and use like your own social media profiles and on different platforms. And it's kind of look for what kind of information you're putting out there yourself.
The whole purpose behind this particular labs used to show you what kind of information people are sharing out there. And so that way you could be a little more security conscious on your own.
So let's go ahead and get started. So we're to go to the cyber, a catalogue here now you should already be loved into the cyber re site and we're either going to search certified ethical hacker where you can just type in C E. H. So either one will get you to the correct location. We're gonna choose this option here, this certified ethical hackers C E H in parentheses
and then the practice laps. So just go ahead and click on that.
You're gonna see a launch button right there. Just click on that as well. And then we have one more click and that'll take us to the lab. So you see the launch item button here. Just go ahead and click on that one. You'll see it'll open the lab environment in a separate tap.
So now, once that opens up here, you'll see a whole bunch of different labs. We're gonna be scrolling down and looking for the Social Engineering Reconnaissance Lab. So it's little down the page here.
So right here this social engineering reconnaissance, you'll notice that mind says complete, obviously, because I've already gone through it before. But yours should just show social engineering reconnaissance. So once you find that, just go ahead and click on it
and they click the start button right there.
You'll notice that will pull up the virtual machines for us here. We actually have to Booth ease up, though. So the way we do that is we discover our mouths over top here and click the power on option.
And I was gonna take a few minutes as we click of the power on here. It's gonna take a few minutes for these to boot up. So I'm gonna go ahead and pause a video here and once might have come all the way up. Then we'll go ahead and restart. They keep going in the lab.
All right, So as you can see in the background there, all of my virtual machines air now on. So they show the green coloring there and they all say on
So let's go back to our lab document here. So we're now it's step for we're going to select the Windows 10 machines. So this P lab win 10.
So it's going to click on that one there. Now, it's gonna take a few seconds here, so to kind of initialize and establish a connection for us. And sometimes you might see a command prompt window kind of splash in the background and then go away. We'll give that just a second there.
Once it pulls all the way up here, we're gonna open Internet Explorer from the bottom taskbar. There's already use Internet Explorer for this one. You could potentially use edge, but the actual instructions with this lab called for Internet Explorer. So that's what we're gonna use. Justo Maintain consistency
once we open up Internet Explorer and type in this address right here
and then we'll see are basically that's an address for our target, Philip Nomad.
So let's go and do that now. So just go and watch Internet Explorer there.
We're type http Colon Ford's last Ford Slash And then it's gonna be the might book.
You'll see my book right there.
Now, we're not actually going out to like some real social media website here. I just want to stress that s if you're in a particular jurisdiction, that it's illegal to you do something like that.
Obviously, I'm not an attorney, but this problem wouldn't count because you're in a practice lap type of environment, so you should be okay there.
All right, so we see Philip Nomad in the background here. So now the rest of this lab is basically gonna be going through clicking throughout his profile here in answering some questions.
So again, I mentioned the whole purpose here to see what kind information people are sharing out there. And you've probably seen that quite a bit. If your security conscious is all, you've probably seen that quite a bit with the amount of information people will are willing to share on social media,
and it really doesn't take that much to get people to share, you know, things like their phone number address. You know, it's pretty crazy how much people are willing to share these days.
All right, so now we see our target, Philip Nomad. As I mentioned, we're gonna start answering a few questions here, as I mentioned already. So number one question here we're gonna answer is how many followers does he have?
Question number two. Does he post pretty frequently and then question number three Is Philip married? And then we're gonna go through some other areas of his profile as well. So let's start off with how many followers does he have?
So if we look right here, we could see that almost immediately. So we see he's got 1325 people following him. So we're able to answer a question number one there.
So 1325 would go right there. All right, so does he post frequently? So by frequently, I would say, You know, at least, you know, once a day or every couple of days. You know, we just don't want to see him posting, like, once a month, Right? That doesn't really benefit us for 12 years.
So let's just take a look at this post here. We see it. Looks like he publish something about 15 minutes ago.
We keep scrolling down here on his page.
We see posted yesterday. Okay.
You know, if we keep scrolling down, we'll see that there's another post from yesterday. So it does look like he posts pretty frequently. You know, maybe not every 15 minutes, but he does post, you know, looks like at least once or twice a day.
So that answers Question number two. So no question. Number three is he married?
Well, so we see this lady here, So you know who's this, right? Who is this person? Just kind of hanging out in the background there.
So if we scroll up a little bit too, this initial post of hiss, we see that he's got a post here saying, Hey, I can't believe I've been married to my beautiful wife Nina for two years now. So hey, it looks like he's married, right?
All this information is beneficial that then we've gathered so far. Number one, the number of people following him like Is he an influencer? That's kind of what we're wondering with that, you know? So, for example, if he's an executive at Microsoft, he should have quite a few followers, right? If he's doing like Tex talks and stuff like that. So that kind of gives us an idea of like how important this person actually is for a company.
And this is really beneficial for just looking at the company itself. And then we're trying to figure out potential targets
We also see that he's married, right? So we could potentially use his wife's profile, you know, and figure out some phone numbers for her and then from there, maybe figure out his phone number and sent him random text pretending to be her. Hey, can you do this or that. Maybe, you know, can you pick up this from the store and just try to, you know, do different things like that?
And then, of course, we see that he posts pretty frequently. So if we were able to, you know, hijack his account here, we could post different things if we were focused on, like, brand damage. For example, if we were targeting Philip himself and were like, Hey, you know, if we were a criminal attacker were targeting Philip himself to try to get him fired or something like that, maybe were hired by his competitors company.
And so what we could do is we could come take over social media
start, you know, posting, you know, terrible things. And so people, you know, So that affects his brand that gets him fired at his job or something like that. So I definitely don't do that. Hope everyone watching this is ethical. But that is one potential thing that somebody could do. If you're sharing a lot information on social media,
I'm gonna pause a video here. We're gonna pick things back up in the next video as we continue looking that Phillips profile and trying to find more information about him
We will explore some fake social media profiles, craft our very own phishing email and malicious payload using the Social Engineering Toolkit (SET) in Kali Linux, and play the “victim” by opening the malicious file.