

title: Introduction
course: human_hacking
section: "Introduction"
layout: lesson

Social engineering (SE) has been largely misunderstood, leading to many differing opinions on what social engineering is and how it works. Some view SE as simply lying to scam trivial free items such as pizza or to obtain sexual gratification; others think SE just refers to the tools used by criminals and con men, or perhaps that it is a science whose theories can be broken down into parts or equations and studied. Or perhaps it is just a long-lost mystical art giving practitioners the ability to use powerful mind tricks like a magician or illusionist.

In whatever camp your flag flies, this course is for you. Social engineering is used every day by everyday people in everyday situations. A child trying to get her way in the candy aisle or an employee looking for a raise is using social engineering. Social engineering happens in government or small business marketing. Unfortunately, it is also present when criminals, con men and the like trick people into giving away information that makes them vulnerable to crimes. Like any tool, social engineering is not good or evil, but simply a tool that has many different uses.

Consider some of these questions to drive that point home:

  • Have you been tasked to make your company as secure as possible?

  • Are you a security enthusiast who reads every bit of the latest information out there?

  • Are you a professional penetration tester who is hired to test the security of your clients?

  • Are you a college student taking some form of IT specialisation as your major?

  • Are you presently a social engineer looking for new and improved ideas to utilise in your practice?

  • Are you a consumer who fears the dangers of fraud and identity theft?

Regardless of which one of those situations fits you, the information contained within this course will open your eyes to how you can use social engineering skills. You will also peer into the dark world of social engineering and learn how the "bad guys" use these skills to gain an upper hand. From there, you learn how to become less vulnerable to social engineering attacks.

This course is not for the weak. It takes you into those dark corners of society where the "black hats", the malicious hackers, live. It uncovers and delves into areas of social engineering that are employed by spies and con men. It reviews tactics and tools that seem like they are stolen from a James Bond movie. In addition, it covers common, everyday situations and then shows how they are complex social engineering scenarios. In the end, the course uncovers the "insider" tips and tricks of professional social engineers and yes, even professional criminals.

Some might ask why I would be willing to reveal this information. The answer is simple: the "bad guys" don't stop because of a contractual limitation or their own morals. They don't cease after one failed attempt. Malicious hackers don't go away because companies don't like their servers to be infiltrated. Instead, social engineering, employee deception and internet fraud are used more and more each day. While software companies are learning how to strengthen their programs, hackers and malicious social engineers are turning to the weakest part of the infrastructure - the people. Their motivation is all about return on investment (ROI); no self-respecting hacker is going to spend 100 hours to get the same results from a simple attack that takes one hour, or less.

The sad result, in the end, is that no way exists to be 100% secure - unless you unplug all electronic devices and move to the mountains. As that is neither very practical nor a lot of fun, this course discusses ways to become more aware and educated about the attacks out there and then outlines methods that you can use to protect against them. Being educated is one of the only surefire ways to remain secure against the increasing threats of social engineering and identity theft.

The old hacker adage, "knowledge is power", does apply here. The more knowledge and understanding each customer and business has of the dangers and threats of social engineering, and the more each attack scenario is dissected, the easier it will be to protect against, mitigate and stop these attacks. That is where the power of all this knowledge will come in.