Social Engineering Tools

  1. SET – Social-Engineer Toolkit
  2. LUCY – social engineering VM
  3. EvilGrade – Update exploitation framework – injection exploit into an update
    3. A research that checked which programs updates are signed and which are are not, can be used to decide which program update to inject using evilgrade
  4. PhishMe Simulator – “PhishMe is a spear phishing simulator that raises awareness of the strategies and sophisticated tactics utilized today by hackers looking to compromise your firm’s data and systems.”
  5. A website to check password strength can be used for stealing passwords. I checked the client side code of the following website and it seems that its OK and it doesn’t send the password to the server, however with a small change you can turn it into a password stealing website. The function triggering the checks via observer pattern is called “passwordChange”. It got an array called “commonPasswords” containing common passwords.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s