Info about Social Engineering

Social engineering is a technique for obtaining confidential or sensitive information by exploiting the human factor. To develop skill in social engineering, the author advises studying, in addition to the hacking techniques that are useful in social engineering, the basics of psychology. The author generally learned the basics of psychology as an autodidact, from books and so on.

Hackers sometimes find social engineering hard, because it requires personal skills: manipulating a situation so naturally that the target is not fully aware of being socially engineered. One can instead simply exploit the super-ego by applying repression techniques to the victim, but that tends to be riskier.

Social engineering techniques: here I share some of the techniques, in parts:

Hypnotic techniques

Hypnosis is communication with the subconscious. A reduced level of awareness is actually better, but even without reduced awareness an attack using hypnotic techniques can still be carried out, because the victim acts consciously in the belief that what is about to be opened is safe and non-threatening.

Technique that does not require reduced awareness, because the target is uninformed

Hypnotic techniques can also be applied without reducing the victim's awareness, because we persuade with logic that is acceptable to both the conscious and the subconscious mind. The condition is that the victim does not know much about computer security, in particular about exploitable browsers, document-viewing programs and so on.

Suppose the victim believes that the file he is about to open has an extension considered safe, such as PDF, or that a web page is safe based on the URL provided. The victim does not know that what he actually opens is a hacking technique aimed at exploiting the application he uses in order to get a shell.

Suppose again a case where we are with the victim and can install or run an application into which our keylogger or backdoor program has already been inserted, for example with a binder.

To minimize suspicion further, we can use a program from a third party that the victim considers safe but that we know is not, by exploiting vulnerabilities in that application. To prove empirically that there is no keylogger, backdoor and the like, we can show that we download it from the official website and install it; the application has security holes that can then be used as a springboard into the victim's computer.

Techniques to reduce awareness

Here you attack the target's subconscious by lowering his level of awareness so that he trusts you. Once trust is established, we can direct the target or victim to do what we want.

Ways to reduce the victim's awareness by way of hypnosis:

Making the target comfortable with us

We can take advantage of a third person, such as a friend, a sibling or the like, so that we are recognized as friends and gain access to a page we might otherwise not be able to reach. For example, when we want our request to be approved by someone on a social network, we can first add their friends; when the victim then receives a friend request from us, he feels more secure knowing that we are friends of friends.

Utilizing a third party as bait

This technique uses a third party to gain access without our having to communicate with the victim. For example, I once told my friend to ask his friend something privately, in order to get past the security of an e-mail account protected by two personal questions; my friend's friend turned out to give the answers to my friend, and eventually the password of my friend's friend was broken.

Making the target curious

We can take advantage of the target's curiosity. For example, you are sniffing the network using ARP spoofing; here you can lure the victim into logging in to his accounts on that network with various social engineering techniques, such as saying that the account has been hacked. When he is curious, he logs in, and we can start sniffing for passwords or perform DNS spoofing to present a fake login.

As another example, we can place files whose contents are something the victim finds intriguing. For example, if the victim is a sex maniac, we can provide bait files with sex-related file names; it does not have to be a file, a site address with a sex-related name works as well. The victim's awareness in this case is dominated by his desire to see content with a sexual element.

Leveraging the target's intellect

We can take advantage of the target's intellectual ability. For example, you open a debate and lure the victim into opening a URL given as a reference, when in fact the URL leads to an exploit for getting into the person's computer. This attack relies on the victim's intellectual engagement, so that his awareness of other threats is reduced.

In addition to the techniques above, we can also use attacks that rely more on the victim's super-ego. Example technique:

Technique that attacks the victim through repression

We can apply repression to the victim's subconscious by making use of the victim's awareness. For example, you as the boss threaten to lay off your employees if they do not hand over an account password, such as a Facebook account password or the like. According to the author, this repression technique is an alternative that should not be used unless absolutely forced, because, as in the example above, it can simply make people hate you, since they comply only out of necessity.

There are still many other techniques that I do not need to mention here. I do not want to give too many techniques, because the technique used is adapted to the conditions and the situation, so whatever technique you want to use, adjust it to the circumstances. The point here is mindset: the more social engineering you do, the more naturally you will be able to carry out social engineering attacks.

The fewer hacking techniques we have available, the more manipulation through social engineering we need. The more hacking techniques we can use, the less manipulation through social engineering we need. Social engineering techniques are used less frequently because they involve our subconscious, and if we are not used to engineering communication with other people it tends to be more difficult, because hacking practitioners generally operate at the level of direct attack, minimizing personal contact with the victim.

This article on social engineering is intended to improve your social engineering ability.

How to know that your server is under DDoS attack

If you are a server administrator, you probably know about DDoS attacks and the damage such an attack does to a web server's network traffic.
We can check whether such an attack is under way on our server.

If you administer a Linux server, go to your shell or terminal, log in as root and type this:
netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

For example:
root@www:/home/www# netstat -alpn | grep :80 | awk '{print $5}' |awk -F: '{print $(NF-1)}' |sort | uniq -c | sort -n

So, how do we read that result?
From that result, there are six IP addresses connected to or accessing our server, they are:
In front of each IP address there is a number that shows how much traffic it generates; the greater the number, the more traffic, and it may come from a DDoS attack.
In that result, the connection from number six, with 1000 traffic, may come from a DDoS attack.

Be careful with this, because it can slow down your server connection...
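
The same per-IP count as the netstat pipeline above, as an added example that is not part of the original post: it parses netstat -alpn text, counts only connections whose local port is exactly 80 (so port 8080 and outbound requests to a remote port 80 are left out), and lists the addresses at or above a threshold. The sample output, the function names and the threshold are constructed for illustration.

```python
from collections import Counter

# Constructed sample of `netstat -alpn` output (documentation-range addresses).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/apache2
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED 1234/apache2
tcp        0      0 192.0.2.10:80           198.51.100.7:51240      TIME_WAIT   -
tcp        0      0 192.0.2.10:8080         198.51.100.9:40112      ESTABLISHED 2200/java
tcp        0      0 192.0.2.10:41822        203.0.113.80:80         ESTABLISHED 3100/curl
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40001 SYN_RECV   -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40002 SYN_RECV   -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:40003 SYN_RECV   -
"""

def split_addr(addr):
    """Split 'host:port' on the last colon; strip the IPv4-mapped IPv6 prefix."""
    host, _, port = addr.rpartition(":")
    if host.startswith("::ffff:"):
        host = host[len("::ffff:"):]
    return host, port

def count_remote_ips(netstat_text, port="80"):
    """Count connections per remote IP whose *local* port is exactly `port`."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header line, UDP and UNIX sockets
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "LISTEN" or split_addr(local)[1] != port:
            continue  # the listening socket itself, or another port
        counts[split_addr(remote)[0]] += 1
    return counts

def heavy_hitters(counts, threshold):
    """Return (ip, count) pairs at or above threshold, busiest first."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    # Same layout as `sort | uniq -c | sort -n`: count first, busiest last.
    for ip, n in sorted(count_remote_ips(SAMPLE).items(), key=lambda kv: kv[1]):
        print(f"{n:7d} {ip}")
```

A high count by itself is only a starting point: a proxy or NAT gateway in front of many legitimate users also shows up as a single busy address.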

Getting familiar with CSRF (Cross-site Request Forgery) and how it is exploited

CSRF (Cross-site Request Forgery) is a hacking technique for gaining control of an account, or otherwise attacking a web application, through requests that are executed with the victim's authority, without the victim's permission.

The forged request originates from a different web page or site; when the victim triggers it, the victim's own site ends up showing a new account that the admin did not want.

Many security holes are found in a variety of CMSs; one example is vCalendar.

To make this easy to understand, the author has made up a story: an admin has a site built with vCalendar, and one day the admin logs in to the administrator page.

After the admin logs in and opens the user options menu, the users on the site are shown.

Three accounts are listed. At that moment, a friend also asks the admin to open a web page.

When the admin clicks it, a new user suddenly appears in the list of users who can log in.

With a user automatically added on the administrator page, the friend who trapped the admin can log in with that account.
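
One way a server can refuse the forged request in the story above, shown as an added example (not vCalendar's code and not from the original post): the handler that adds a user requires a per-session token that a page on another site cannot read. The handler, field names and account names are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to the browser

def issue_token(session_id):
    """Token placed in a hidden field of every form rendered for this session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def token_ok(session_id, submitted):
    """Constant-time check that the submitted token belongs to this session."""
    if not submitted:
        return False
    expected = issue_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())

def handle_add_user(session, form, users):
    """Hypothetical 'add user' handler: the session cookie alone is not enough."""
    if not session.get("is_admin"):
        return 403, "not an administrator"
    if not token_ok(session["id"], form.get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    users.append(form["login"])
    return 200, "user added"

def demo():
    users = ["admin", "alice", "bob"]  # constructed: the three existing accounts
    session = {"id": secrets.token_hex(16), "is_admin": True}
    # Request triggered by a page on another site: the browser attaches the
    # admin's session cookie, but that page cannot read the per-session token.
    forged = handle_add_user(session, {"login": "intruder"}, users)
    # Request sent by the real administrator form, which carries the hidden field.
    genuine = handle_add_user(
        session, {"login": "carol", "csrf_token": issue_token(session["id"])}, users
    )
    return forged, genuine, users

if __name__ == "__main__":
    print(demo())
```

The forged request is answered with 403 and the user list is unchanged, while the same request carrying the session's token succeeds.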