Which advanced persistent social engineering attack vector do you prefer which has a high rate of success? Just curious to know different opinions.
If I talk about social engineering attacks within a network then, performing
(1) Java applet attack to deliver malware
Or
(2) showing fake update message using BeEF
Could be the best way to hack someone within a network
Or
(3) setting up fake evil AP in order to perform MITM, and then performing DNS spoofing attack
To deliver fake Facebook or any other page.
If you want to hack someone which is not in your network, then it all depends upon you that how smartly you can deliver malware or phishing pages
For example, one approach to deliver malware is sending an email to let say a YouTuber,
That you want to advertise your companies software, you want him/her to review it in his/her video. Money will be given on the bases of per 10,000 views.
If you can spent some money then suggested to do a small amount of advanced payment, it will just increase the rate of successful attack
Again these are just some examples,
Social engineering can’t be taughed, as it is a talent which you have to build,
A art of human exploitation
2 Likes
Hello, thank you for your reply but i was looking for WAN attack vectors.
Here is one I have heard of recently. Hypothetically, say your target is an politician named “Hillary”. You scan Hillary’s FaceBook and find out she has a daughter named “Chelsea” You do recon for info. You find Chelsea’s phone number it’s 867-5309. You spoof your number to match hers and send your malicious link posing as Hillary’s daughter. Making it enticing you will more than likely get a click/shell. But this is taking it way out of the spectrum of a pentest so better not to do it.
1 Like