Malicious Email Social Engineer Attack Using Social Engineers Toolkit (Set)

Description: <div style="text-align: justify;">The Social-Engineering Toolkit (SET) is a python-driven suite of custom tools which solely focuses on attacking the human element of penetration testing. It's main purpose is to augment and simulate social-engineering attacks and allow the tester to effectively test how a targeted attack may succeed. Currently SET has two main methods of attack, one is utilizing Metasploit[1] payloads and Java-based attacks by setting up a malicious website that ultimately delivers your payload. The second method is through file-format bugs and e-mail phishing. The second method supports your own open-mail relay, a customized sendmail open-relay, or Gmail integration to deliver your payloads through e-mail. The goal of SET is to bring awareness to the often forgotten attack vector of social-engineering. SET was created by Rel1k for social-engineer.org. <br><br>This video created by loganWHD demonstrates how to use the Social Engineers Toolkit to perform an email attack using a maliciously encoded PDF. The first step is actually dumpster diving and finding an internal email list of the company. Then he creates a malicious PDF file vulnerable to the util.printf security bug. Then loganWHD uses the SET to create a spoofed email about an important memo to check out the attached PDF for more details. Once the victim opens the attachment, the exploit gets executed and of couse ... GAME OVER! :) Nicely done! <br><br><span style="font-weight: bold;">Thanks to loganWHD from </span>Social-Engineer.org<span style="font-weight: bold;"> for submitting this video to ST! We would highly recommend </span>visiting their site and to try out SET!<br><br><br></div><style type="text/css">body { background: #FFF; } </style>

Tags: basics ,





Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.