3 tips for using the social engineering toolkit

By , CIO |  Security, social engineering

Two years ago, Dave Kennedy, a penetration tester, social engineering expert and contributor to the website social-engineer.com, wanted to create a tool for pen testers to simulate social engineering attacks.

With this in mind, he built the first social-engineering toolkit, a free download on the site's companion educational resource, social-engineer.org. The attacks built into the toolkit are designed to be targeted, focused attacks against a person or organization during a penetration test.

Kennedy, now CSO at security systems vendor Diebold, says the popularity of the toolkit has been remarkable. It is considered by many to be the standard for companies using social-engineering-based attacks as part of their pen testing. The SET, which is added to and updated frequently, is downloaded approximately one million times after each new release, according to Kennedy.

Kennedy spoke with CSO about his advice for maximizing results when using the social engineering toolkit.

Do your research and prep work

"As simulated adversaries for companies, as pen testers, we always to run the latest and greatest and sexiest software exploits out there. But now when I do a pen test, I don't even run exploits anymore. The techniques that are built within the social engineering toolkit don't leverage exploits. They utilize legitimate ways that Java works, legitimate ways that email works, to attack a victim," said Kennedy.

Originally published on CIO.