Every security professional knows that systematically testing defenses is a good idea.
Systematic and empirical control testing quite literally underpins much of our discipline.
That's reflected by a variety of security operations - from penetration testing, phishing simulation, and vulnerability scanning to container scanning, data loss prevention and beyond.
When it comes to how to test, technologists sometimes fall into the trap of overfocusing on the technology ecosystem.
These technical validation efforts are important, but it's also important to test the human element.
Just as we systematically test the security profile of an application, server or network, so too must we test how resilient users are.
One helpful option is the Social-Engineer Toolkit (SET).
SET is a group of utilities used primarily in a red team context, such as a pen test, to launch social engineering attacks.
The open source app, written by TrustedSec founder Dave Kennedy, enables security professionals to execute a variety of common attacks, such as creating plausible-seeming websites that mirror users' trusted destinations, conducting tabnabbing and performing other browser-based attacks.
Let's examine some of SET's capabilities and discuss ways to use the toolkit.
How to install SET. There are a few ways to install the software.
How to start SET. Run SET from the command line using the setoolkit command.
Attack using browser exploits or malicious website content.
Generate a malicious payload, or monitor for inbound connections from compromised victims.
Create a malicious wireless AP to enable man-in-the-middle or other attacks.
Generate QR codes with arbitrary and potentially malicious destination URLs.
Create malicious PowerShell for shellcode, Security Account Manager dumping, reverse shell, etc.
First and perhaps most obviously, use it to assist with pen testing.
SET supports any red team activity that includes a social engineering component.
If you expect autorun to be disabled on managed endpoints, for example - it is disabled by default on modern versions of Windows - explicitly test that capability using the media creation feature.
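The configuration side of that autorun check, as an added example that is not from the original article or from SET: a PowerShell audit that reads the AutoRun policy an endpoint actually enforces and decodes it per drive type. The function names are hypothetical; the registry value and bit meanings follow Microsoft's documented NoDriveTypeAutoRun mask.

```powershell
# Added example: report which drive types have AutoRun disabled by policy.
# Bit meanings of the documented NoDriveTypeAutoRun mask (0xFF = all drive types).
$DriveTypeBits = [ordered]@{
    'Unknown'   = 0x01
    'Removable' = 0x04
    'Fixed'     = 0x08
    'Network'   = 0x10
    'CD-ROM'    = 0x20
    'RAM disk'  = 0x40
}

function Get-AutoRunPolicy {
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    # The machine-wide value takes precedence over the per-user value.
    foreach ($hive in 'HKLM', 'HKCU') {
        $props = Get-ItemProperty -Path "${hive}:\$sub" -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.NoDriveTypeAutoRun) {
            # The value may be stored as REG_DWORD or REG_BINARY; the first
            # element is the mask byte in either case.
            $mask = [int]@($props.NoDriveTypeAutoRun)[0]
            return [pscustomobject]@{ Source = $hive; Mask = $mask }
        }
    }
    # No policy value present: report that instead of assuming the OS default.
    return [pscustomobject]@{ Source = 'not set'; Mask = $null }
}

function Test-AutoRunDisabled {
    param([Parameter(Mandatory)] $Policy)
    foreach ($type in $DriveTypeBits.Keys) {
        $disabled = $null   # $null means "no explicit policy"
        if ($null -ne $Policy.Mask) {
            $disabled = ($Policy.Mask -band $DriveTypeBits[$type]) -ne 0
        }
        [pscustomobject]@{
            DriveType       = $type
            AutoRunDisabled = $disabled
            PolicySource    = $Policy.Source
            Mask            = $Policy.Mask
        }
    }
}

Test-AutoRunDisabled -Policy (Get-AutoRunPolicy) | Format-Table -AutoSize
```

A blank AutoRunDisabled column means no explicit policy is set, so the endpoint is relying on the operating system default rather than on a managed control.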
This Cyber News was published on www.techtarget.com. Publication date: Fri, 28 Jun 2024 19:13:05 +0000