Assignment #2: Social Engineering Attacks
Now you have to persuade people to click on a link or open an attachment. You got your target,
you got your pretext. What’s next? Email? SMS text? WhatsApp message? You should probably
utilize the OSINT VMs (Tsurugi VM, TraceLabs VM, Kali VM) to deploy the social engineering
attack. Explore some of the tools for social engineering, for example: The Social Engineering
Toolkit (SET), ZPhisher, BlackEye, SocialPhish, MaskPhish, or MSFVenom, to name a few.
Your task is to harvest credentials of the target you OSINT-ed in the previous assignment.
Determine what tools you will use, templates, and how you will incorporate the phishing link
within the pretexting scenario you have developed. Simply writing “I will send them the phishing
link in a text message” won’t work. You have to show that this indeed works.
What to submit? A Harvested Credentials report:
Again, I have no rubrics for this report. Make sure you write concisely and take good screenshots.
Cybersecurity doesn’t come in rubrics. Nor does social engineering. “Hey professor, you want us to
submit the reports for each assignment separately or a final report with all assignments?” Your
pick. I don’t “want” anything except a concise proof of actual work.
1. Choice of a Web Template: You have to provide a good, sound justification why you picked
this template and how it factors into the pretexting scenario.
2. Step-by-step Deployment (with screenshots): Yes, this is important. You will graduate
and go work in big places and probably write lengthy and nifty tutorials. Practice writing
them and be concise.
3. Emulation Setup: It is easy to copy/paste the phishing link in the same VM. Not going
to cut it, though. You need to make a deployment to show the phishing works from two
individual machines. Build Your Own Lab? Perhaps a Cloud Lab? Your choice. You have
to also explain, step-by-step and concisely, how this is to be achieved so someone who has no
clue about the setup can follow your steps successfully.
4. Mock Credentials: Absolutely no actual credentials nor sending links to people. Show me
what you harvested with dummy values.
5. What you Learned: Write about the surprises, hiccups, hurdles, frustrations, exaltations,
and what you learned from being able to properly deploy a social engineering attack for
harvesting credentials. Write what the victim might do to prevent being phished. Simply
“Use two-factor authentication” doesn’t say much. A bypass? Go beyond this.