Social Engineering Tools

  1. SET – Social-Engineer Toolkit
    1. https://github.com/trustedsec/social-engineer-toolkit/
  2. LUCY – social engineering VM
    1. http://gtta.net/PS/lucy.html
  3. EvilGrade – update exploitation framework that injects an exploit into a software update
    1. https://github.com/infobyte/evilgrade
    2. https://www.youtube.com/watch?v=aBy-9KxopDE
    3. Research that checked which programs' updates are signed and which are not; it can be used to decide which program update to inject using EvilGrade: https://www.usenix.org/legacy/event/hotsec06/tech/full_papers/bellissimo/bellissimo.pdf
  4. PhishMe Simulator – “PhishMe is a spear phishing simulator that raises awareness of the strategies and sophisticated tactics utilized today by hackers looking to compromise your firm’s data and systems.”
    1. http://phishme.com/product-services/simulator/
  5. A website that checks password strength can be used for stealing passwords. I checked the client-side code of the following website and it seems that it's OK and it doesn't send the password to the server; however, with a small change you can turn it into a password-stealing website. The function triggering the checks via the observer pattern is called “passwordChange”. It has an array called “commonPasswords” containing common passwords.
    1. https://howsecureismypassword.net/
    2. https://howsecureismypassword.net/assets/js/app.min.js?1342770186