Social Engineering Lab 1 Part 2

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

1 hour 1 minute
Video Transcription
Hey, everyone, welcome back to the core. So in the last video, we went ahead and launched our lab environment. We also started taking a look at our target in this situation. Philip Nomad. So we looked at a face think social media profile here in the lab environment. And we were able to see how many followers Philip had. Did he post frequently? We noticed that he posted it. You don't see, like, at least once a day, sometimes twice a day.
And then we're also able to answer the question. Was Philip married? And the answer is Yes.
Looks like based on his post. He was married for a couple of years to his wife, Nina.
So now let's step Aidan the slaps. We're gonna take a look, some of the photos in his post, and then, basically, we're gonna look, Cassie, has anyone else come into town? Phillips photos. And if yes, what are their names?
We're also gonna take a look and see if they've got Children or not. So do Philip and his wife have Children or not? And if yes, what are their names?
And they will keep moving on throughout the rest of his profile.
So let's just scroll back up a little bit here. This is the first post here. So we see that that's him. And, you know, hopefully that's his wife and not not someone else, but that appears to be his wife. And we see there's some kind of water in the background. So maybe ocean may be a lake. Something like that. This looks like a honeymoon or, you know, wedding type of photo
s o. They both looked pretty happy in there, but we could tell them
took a trip at some point
we see here that he mentions Hey, this is my wife. You know, we're married for two years. So again, we can assume that this is either the wedding itself or during the honeymoon
Whatever questions we see here immediately that some people have posted on here, right? So we see Alexis is posted. She's very happy about this. You know, John is happy for them as well. He's asking when's the baby due? So
that actually answers another question on our list. You're right. So if we come back here, has anyone else comment? Films post, you know? Yes, we did. See that and then question over. Five. This Philip have Children. If yes, what are their names? So we see that they might be expecting a baby, but they don't have it. Doesn't look like they got Children right now, because there's no mention of like, Hey,
you know, we're happy that you know, a little Billy, like, you know, like the wedding or something like that. So the mention is like, Hey, ones that baby do so It could be something of a future thing. Like maybe they're trying to have a baby, or the friends is trying to encourage them.
Toe, have a baby? A. Some people do or they are. You know, they're actually pregnant. Will not. He's not pregnant, but she's pregnant and they're expecting a baby. So that's another thing. If we were trying to, you know, for example,
Meet Philip in person. If we know that he's his wife's about to have a child and let's say we work as a nurse, maybe we can get a job at the hospital kind of near where they live at, You know, again, it's kind of stalker ish, but we could get a job at the hospital they kind of they live near and potentially be the nurse that's working with his wife.
And so we could get more information about Philip.
That's kind of, Ah, dramatic example there because it's a lot of there's a lot of risk involved, as far as like, you know, obviously being discovered that sort of stuff. So you rarely would see an actual, like attacker do something like that. However it could happen.
All right, let's go back to our lab documents here.
So now what we're gonna do is especially keep going through the other post by Philip, and we're just gonna take a look at other use of information that we might be able to find. So that's gonna be a question Number six there. Now, as we scroll through and I'm gonna point out what I think is useful information So we see. You know, of course, information about his wife known her name. That's where stuff
that's beneficial. Knowing that they may be expecting a child or they may be trying to get pregnant
could be an angle of conversation that we could use to strike up with Philip.
We see you know that he's very in love with his wife on. So, you know, we see that
he's willing to do anything, you know, for her, essentially right. So we could use that as a tactic to get information or, you know, have him do certain things if we're works, for example, working for competitors, company
as we could skinny continue scrolling down here. This is what I actually wanted to take a look at here. So we see that his car broke down, so looked like yesterday's car broke down and he left his phone at home. So we noticed a couple of things about Philip. You know, number one here. Of course, the car car broke down, right? So he's probably used to repair shop or something like that.
Or he's got a mechanic, more than likely a repair shop. He used maybe
hack that repair shop and get information like personal information about Philip from their systems. Because then they might be a weaker security sense. Then, like maybe Phillips working for a huge company, and they're a lot more secure than the little repair Mama pop repair shop.
The other thing that we see here is that he left his phone at home. So sometimes it seems like, you know, maybe he
has an issue of forgetting his phone or is, you know, it's you know, ipad or something like that in this house. So perhaps we're good and lock picking. And maybe Philip and his wife don't have a security system that we can see when they leave or something. And maybe we can get in there and see if there's any electronics left behind that might have data on them that weaken, you know, either steal or copy.
Obviously, copying the information is better.
Because that way, Philip doesn't know we've done anything. Right. So that's another avenue. Here is well with this particular bit of information.
So now we're gonna go back to the top of the page, where to click the about tab, and then we're gonna take a look and see if we noticed any actual personal information about Philip. So if you scroll back up here,
we're gonna click on me about Tab, this one right here.
We just want to take a look and see if there's any information that he's actually sharing, like, personal information. So right off the back, and I'm sure your eyes went to the same spot. You notice the date of birth. Eso obviously never share your date of birth on social media, especially the year. And I'll just say this. He looks a little well, I guess he could be 29. He looks a little old older than that,
Um, but you never know. But this is a fake profile after also doesn't really matter.
We also see that he's sharing his phone number. Some other, you know, send my personal information that he's sharing is his education. So we could potentially say, Hey, yeah, I went to Oxford University as well, and I studied computer science has seen we have that in common with us on social media.
We also see that he's a friend. It's offer engineer a Google. And so from there we could say, Well, I'm targeting Google. Here's an employee of Google. Let me use Philip. That's my target. Or we could say, Oh, Philip or to go. Maybe I can mention that I work in some other Department of Google, you know, he more than likely wouldn't know that, you know, he wouldn't know if I'm legit, especially by saying the contractor or something,
and so that that's another avenue in.
We also see he likes to play guitar on that He has a dog. So we might be ableto use those avenues. Anna, maybe maybe Philip even does like concerts or something in town plays locally in a bar or something. So we might use that to go and play or something. Or we could connect with my social media and say, Hey, look, yeah, I play, you know, at the bar over here, I play guitar.
Why don't you come over, stop over and hang out sometime? You know,
and it's all this is just about trying to get information about our target and then exploit that information for our own benefit.
Let's go back to our lab document here.
So as I mentioned here, yeah, we had seen He works, is a software engineer. We see some past employers.
So question number eight here. Let's take a look and see if you speak any languages besides English and then also what country doesn't look like he's posting from.
So it's cruel down here and to see what other information we have. Of course, we see the Google HP stuff like that.
So we see that it looks like he's posting from the UK All right, so we've answered that question there, and if we scroll down a little further on the page, you'll see what language is. It says he speaks. So he's fluent in English and it looks like he's beginner level in French.
All right, let's go back to our lab document here.
So now we're gonna go ahead and go back to the top. Here were to slip the album tabs
over there.
So what? Scroll back up and then select on album.
And the first thing we're gonna see here is the list himself is a creative director,
so it's potentially telling us Said Okay, maybe he's director level. Maybe he's got, you know, administrative top of access on the company's network. It doesn't necessarily mean that, you know, as you've probably seen in social media, you know, like janitors are calling themselves, you know, cleaning architect and stuff like that. So, uh, you know, sometimes social media people are just making up titles,
but it is a potential avenue that we could use, So we always want to make sure we gathered enough information that we can hopefully exploit it.
So we already know that he has a dog.
We were able to see that as well. Here. Now we're gonna scroll back up to the friends area in a second, we will see a photo of a dog here. And so it implies that that's probably his dog that we had seen the name of before.
We also see some other photos there. They may or may not be of actually him or his wife for things they've done. Curtis be random photos from the Internet.
So now we're gonna click on the friend's tab here.
We're gonna pull out that page as well.
All right, So all we're gonna do here now is we're just gonna take a look at his friends list, and then just think to yourself like, what kind of things you could do with this information. So we see a lot of different friends here. We see. You know, somebody is a student Oxford. So they probably met there in some capacity. We see the John Doe is a traveler. We also know that John posted on his previous post.
We see Nina, That seems to be Philip's wife. She's in our designers, and maybe we can connect with her that way and then use hers as an avenue into talking to Philip. And you'll notice a lot of his people are either softer engineers and a lot of his friends list or photography and graphic design musicians who kind of arty type of thing.
We also see that there's a CEO right here. So maybe that somebody that worked within that Google at some point.
So all these people, you know, the what we're looking for here all these people could be exploited. The relationships can be exploited with Philip, so that way we can actually get information about him. So we could be asking these people like, Hey, you know, I noticed that your software engineer, maybe you work a Google with Philip. Is he a good guy? You know? Hey, he's interviewing for a job. Can I use use that refugee put you down as a reference?
Can you just tell me a little more about him or whatever? So all these things were using to gather information to then use
in our attack.
So this video we just wrapped up our discussion on Philip No, man. So we went ahead and looked at his entire profile here. Took a look around to see what information you gather in the next video. Want to jump into the fake profile that I mentioned? I create.
Up Next
Social Engineering

We will explore some fake social media profiles, craft our very own phishing email and malicious payload using the Social Engineering Toolkit (SET) in Kali Linux, and play the “victim” by opening the malicious file.

Instructed By