SERVFORU

Social engineering: A career


Social engineering is a method of retrieving a password or the answer to a security question simply by questioning the victim. You have to be very careful while using this, as the victim must not be aware of your intention. Just ask him cautiously using your logic.

When most people hear "Social Engineering," they think of the criminal aspects of the term. But the practice also has professional applications for security practitioners who want to help test and improve organizations' security practices.
Being able to determine which type of job you are seeking is crucial. In-house and contract employees have different challenges. Recent contract wins and any enforcement action should be noted, as well as awards and recognition for outstanding work and employee satisfaction. Purchases and sales of smaller companies are a good indicator of business growth opportunities, as well as knowledge about skills important to the company.
In order to gain internal information about the company, try to get personal interaction with employees of your target. Human Resources departments sometimes hold job fairs or community outreach allowing you to get more information about the employees and their opinions. Research into newsgroups and mailing lists can turn up topics of interest to the company. Knowledge of regulatory environments for the company's customers is critical for interview stages.



This sounds like it would not work at the beginning. Even I was neglecting this method. But once, I thought of using it against my friend on Facebook, and I got his Facebook password very easily by this method. I think many of you might know what social engineering is. For newbies, 

Social engineering undoubtedly is an integral aspect of information security and is a growing, respectable career field for professionals who value information security awareness and wish to play an active role in protecting the security controls that govern the processes, operations, and transactions of any organization, and who add a distinct value within the institutional culture that informs and influences employee behavior. Social engineers are hired on both a contract and a permanent basis by independent IT/security consulting companies and government agencies to target client organizations in order to identify vulnerabilities that could cause important information to be compromised from their networks and systems, and thereby provide them with guidelines and recommendations to prevent this security threat.



  Researching for rewards


  • Use Public Relations and Human Resource departments to gain personal interaction with employees.


  • Job fairs and outreach programs are a good way to gain face time with the target company.


  • Internships are a great way in for candidates recently out of educational work.

  Making the contacts


  • Blend in for personal interaction, and be flexible with your responses.


  • Try to keep talking at a higher level; don't overload the person with all your skills.


  • Find out background information, such as compliance or regulatory environments.


  • Be aware of contractual issues within a particular job or industry.

    Facebook Privacy: Keep Your Account Protected

    1. Your name, your profile picture, your gender, your current city, the networks you’re in, who you’re friends with, and the pages you’re a fan of are available to anyone. These are known as publicly accessible information (PAI). You have no control over this.
    2. Any other piece of content marked visible to “Everyone” in your privacy settings is available to anyone. You have control over this.
    3. Any Facebook application or web site using Facebook Connect that you visit can access your PAI and content marked visible to “Everyone” in your privacy settings. You have no control over this.
    4. Any Facebook application you log in to or web site that you connect with your Facebook account can access all of your profile information (except for contact information), photos, videos, notes, events, groups, links, and notifications, regardless of your privacy settings. You have no control over this.
    5. Any Facebook application your friends log in to or web site your friends connect with their Facebook account that you have not also logged in to or connected with can access your information and content based on your application, profile, and content privacy settings. You have control over this.
    6. Any wall post a Facebook application or web site using Facebook Connect makes on your profile is visible to anyone who can view your wall. You have no control over this.
    7. Any change to profile information or feedback on content will generate a story on your wall visible to anyone who can also access the information or content. You have no control over this.
    8. Profile information, photos, videos, and notes are visible to other users based on your profile and content privacy settings. You have control over this.
    9. Events you’re invited to are visible to other users who can also view the event. You have no control over this.
    10. Past status updates and links are visible to other users based on the privacy setting used when posted. You have no control over this.
     

    How to choose the best laptop that suits your needs


    With a multitude of brands and models in the market combined with the very fast turnover in technology, it can really become such a headache when choosing what laptop to purchase for your mobile computing needs.
    Since these devices can be quite expensive, it is extremely important that the laptop you get suits your needs and lasts at least 3 to 5 years, or until you have money to upgrade to a newer model. With all this in mind, here are some ideas to keep in mind when shopping around for laptops.

    Evaluate your needs.
    People purchase laptops for different reasons. Some people buy one for mobile gaming while others use it primarily for work. Some purchase laptops for computing convenience while others use them to edit photos and videos on the fly. If you are on the hunt for the best laptop for you, always consider first and foremost why you need the machine and what you will use it for. Reflecting on this first will help you decide on the specifications, dimensions, features, and brand of the laptop that you should purchase. This will surely narrow down your search.
    Dimensions and weight.
    Again, this aspect of a laptop depends on the actual reason why you need a laptop. If you are a gamer or heavy into graphics, then a large laptop with a nice 19 to 20 inch screen might be the option for you. On the other hand, if you are a casual user focused on being able to check your email and surf the web occasionally on the go, then consider a smaller and less bulky one, something that has a 10 to 12 inch screen. Decide if you want the machine to be lightweight and super thin as well.
    Specifications.
    For many people, all the other aspects won’t really matter, since laptop value should be determined by the specifications. Yes, people want maximum computing power at an acceptable cost. Decide if you want an Intel or AMD dual- or quad-core processor. Decide on a 500 GB or 1 TB hard drive. Ramp up your memory from the standard 2 GB to 6 or 8 GB. Finally, whether you will be heavy on gaming or a casual user will help you decide if you need an advanced graphics card or a cheaper on-board one. Specifications are equivalent to computing power, and it is highly recommended to purchase a machine with this aspect primarily in mind.
    Brand and warranty.
    Some people choose laptops based on brands. For instance, brands like Dell, Apple, IBM, and HP are probably the most popular brands in laptops and most people will settle purchasing these. However, buying branded does not really equate to performance. Some of the smaller brands may provide better machines at less cost. However, if you are looking for solid warranties and support, then it would be a good idea to go with these major brands.
    Features.
    Again, this would depend on your needs. Need extra USB ports, powerful wireless networking, an integrated card reader, a SIM card slot for 3G connectivity, and extended battery life? Yes, these features should always be considered when shopping, since these little things actually make the laptop more useful. Don’t forget to keep the features of a laptop in mind when choosing one.
    In the end, it will all boil down to the cost for most people. You will definitely want to get value for your money. However, it will depend on what you need it for. This being said, determine your budget and needs and buy one that you think will suit both acceptably.


     

    Essential Network Security Tools for Hacking

      Wireshark

    Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source multi-platform network protocol analyzer. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tshark is included. One word of caution is that Wireshark has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).

      Metasploit

    Metasploit took the security world by storm when it was released in 2004. It is an advanced open-source platform for developing, testing, and using exploit code. The extensible model through which payloads, encoders, no-op generators, and exploits can be integrated has made it possible to use the Metasploit Framework as an outlet for cutting-edge exploitation research. It ships with hundreds of exploits, as you can see in their list of modules. This makes writing your own exploits easier, and it certainly beats scouring the darkest corners of the Internet for illicit shellcode of dubious quality.
    Metasploit was completely free, but the project was acquired by Rapid7 in 2009 and it soon sprouted commercial variants. The Framework itself is still free and open source, but they now also offer a free-but-limited Community edition, a more advanced Express edition ($3,000 per year per user), and a full-featured Pro edition ($15,000 per user per year). Other paid exploitation tools to consider are Core Impact (more expensive) and Canvas (less).
    The Metasploit Framework now includes an official Java-based GUI and also Raphael Mudge's excellent Armitage. The Community, Express, and Pro editions have web-based GUIs.

    Nessus

    Nessus is one of the most popular and capable vulnerability scanners, particularly for UNIX systems. It was initially free and open source, but they closed the source code in 2005 and removed the free "Registered Feed" version in 2008. It now costs $1,200 per year, which still beats many of its competitors. A free “Home Feed” is also available, though it is limited and only licensed for home network use.
    Nessus is constantly updated, with more than 46,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a web-based interface, and an embedded scripting language for writing your own plugins or understanding the existing ones. The open-source version of Nessus was forked by a group of users who still develop it under the OpenVAS name.

    Aircrack

    Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It implements the best known cracking algorithms to recover wireless keys once enough encrypted packets have been gathered. The suite comprises over a dozen discrete tools, including airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

    Snort

    This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.
    While Snort itself is free and open source, parent company Sourcefire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed.

      Cain and Abel

    UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

    BackTrack
    This excellent bootable live CD Linux distribution comes from the merger of Whax and Auditor. It boasts a huge variety of Security and Forensics tools and provides a rich development environment. User modularity is emphasized so the distribution can be easily customized by the user to include personal scripts, additional tools, customized kernels, etc.


    Netcat
    This simple utility reads and writes data across TCP or UDP network connections. It is designed to be a reliable back-end tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need, including port binding to accept incoming connections.
    The original Netcat was released by Hobbit in 1995, but it hasn't been maintained despite its popularity. It can sometimes even be hard to find a copy of the v1.10 source code. The flexibility and usefulness of this tool prompted the Nmap Project to produce Ncat, a modern reimplementation which supports SSL, IPv6, SOCKS and HTTP proxies, connection brokering, and more. Other takes on this classic tool include the amazingly versatile Socat, OpenBSD's nc, Cryptcat, Netcat6, pnetcat, SBD, and so-called GNU Netcat.
    Tcpdump
    Tcpdump is the network sniffer we all used before Wireshark came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI and parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with less security risk. It also requires fewer system resources. While Tcpdump doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. tcpdump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap and many other tools.

    John the Ripper
    John the Ripper is a fast password cracker for UNIX/Linux and Mac OS X. Its primary purpose is to detect weak Unix passwords, though it supports hashes for many other platforms as well. There is an official free version, a community-enhanced version (with many contributed patches but not as much quality assurance), and an inexpensive pro version. You will probably want to start with some wordlists.

    Kismet
    Kismet is a console (ncurses) based 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/tcpdump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, etc.


     Ping/telnet/dig/traceroute/whois/netstat


    While there are many advanced high-tech tools out there to assist in security auditing, don't forget about the basics! Everyone should be very familiar with these tools as they come with most operating systems (except that Windows omits whois and uses the name tracert). They can be very handy in a pinch, although more advanced functionality is available from Hping and Netcat.
     

    BackTrack 5: 13 tips to do after installation

    If you are using BackTrack 5, you may run into problems with sound, social media software, the software manager and more. Some of the blog's readers have sent requests about these things. If you have used Ubuntu, then you will have an idea about tweaks and the software manager in Ubuntu, and how easy and user-friendly Ubuntu is. You can do all of this on BackTrack 5 as well, because it is based on Ubuntu. For this tutorial I am using the GNOME-based BackTrack 5, so below are some tips to make your BT5 a desktop operating system that contains all the necessary tools and software.




    1. Movie/Video player for GNOME
    Several programs are available for GNOME-based distributions; among them, the Totem media player is the best. Open a terminal and type:
        sudo apt-get install totem-gstreamer
    2. TeamViewer
    TeamViewer is the best software for desktop sharing, and it is available for Windows and Linux. Go to the official website and download a copy, then open a terminal, change to the download directory and type:
        sudo dpkg -i teamviewer_linux.deb
    3. Zip & Unzip for Linux
    If you want to open zip files and are having problems with them, then you must install zip and unzip for Linux. Open a terminal and type:
        sudo apt-get install zip unzip
    4. Empathy Chat Client for Linux
    If you are a social kind of person and want to connect with people via chat, then you must install Empathy, because it provides the best chat platform in a single place. Open a terminal and type:
        sudo apt-get install empathy
    5. PDF Reader for Linux
    You can install Adobe Reader on Linux, but there is another program available to read PDF files: Foxit Reader. Download it from the official website, then in a terminal change to the download directory and type:
        sudo dpkg -i FoxitReader_1.1.0_i386.deb
    6. Office for Linux
    OpenOffice is the best solution for office users on an open source platform. Get it by using the command:
        sudo apt-get install openoffice.org
    7. Software Manager for Linux
    A software manager is the right place to search for and get the right open source software. If your Linux does not have a software manager, then you must install kate for it from the terminal:
        apt-get install kate
    8. Firewall for Linux
    Have you ever checked your ports by using nmap? If not, then you are in the dark. Open ports are the weakest point of system security, so you must close them. To close ports on Linux, use a firewall. The Firestarter firewall is the best; get it via:
        sudo apt-get install firestarter
    9. Gwibber Social Media Client
    Social media, including Twitter, Facebook and more, have become more powerful and successful, so if you want to use all these social networking websites in a single place, then get Gwibber:
        sudo apt-get install gwibber
    10. FTP Client for Linux
    FTP (File Transfer Protocol) is an important protocol for transferring large files. If you want to connect to any server via FTP, then you must have a client like gFTP. Get it with:
        sudo apt-get install gftp
    11. If you are experiencing sound and voice problems in BackTrack 5 (Ubuntu) Linux, then you must take care of codecs and other restrictions of Ubuntu:
        sudo apt-get install ubuntu-restricted-extras
        sudo apt-get install w32codecs
        sudo apt-get install w32codecs libdvdcss2
    12. How to Update & Upgrade Linux
    It is a good policy to update all software and packages frequently to avoid any kind of exploitation. For a complete Linux upgrade use:
        sudo apt-get upgrade
    13. For updating all software and packages use:
        sudo apt-get update
     

    Howto: Sniff or Hack someone’s username and password over an SSL encrypted connection with Ubuntu Linux

    Do you think you're safe if you type https:// before gmail.com or paypal.com? I hope you'll think twice before you log in from a computer connected to a wireless network after reading this guide. Let's start at the beginning. Let's say you have an evil neighbour who wants your PayPal credentials. He buys himself a nice laptop with a wireless card and, if you are using WEP encryption, he cracks your WEP key. After cracking the key he logs into your network. Maybe you always allowed him to use your network because you thought it couldn't do any harm to your computer. You aren't sharing any folders, so what's the problem? Well, in the next few steps I'm going to describe the problem.

    Guide

    1. Let's assume your neighbour uses Linux to crack your WEP key. After cracking it, he installs ettercap (http://ettercap.sourceforge.net/) on his Linux system. If you want to do this at home, I would recommend downloading BackTrack because it already has everything installed. If you want to install it on your own Linux distribution, download the source and install it with the following commands:


    $ tar -xzvf ettercap-version.tar.gz

    $ make

    $ make install

    To install on Ubuntu:
    sudo apt-get install ettercap-gtk


    2. After installing, you need to uncomment some code to enable SSL dissection. Open up a terminal window and type “nano /usr/local/etc/etter.conf”, without the quotes. Scroll down using your arrow keys until you find this piece of code:

    if you use iptables:

    # redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    # redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    You need to uncomment the last two lines.


    redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

    redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"


    3. Press CTRL+O, press Enter to save the file and then press CTRL+X.

    4. Start Ettercap and click on Sniff > Unified Sniffing > type in your wireless interface and press ok.

    5. Press CTRL+S to scan for hosts

    6. Go to MITM > ARP poisoning, select sniff remote connections and press ok.

    7. Now you (and your neighbour!) can start sniffing! Press Start > Start sniffing. Walk to another computer on your network and open up PayPal or any other site where you need to type in a username/password (gmail, hotmail, digg.com, etc.). All credentials will appear on the computer running Ettercap!

    8. When you're done, don't just close Ettercap, but go to Start > Stop Sniffing, and then go to MITM > Stop mitm attack(s).

    But how does all this stuff work?

    Look at the following scheme:

    Normally when you type in a password, host 1 (your computer) directly connects to host 2 (your modem or router). But if someone has launched Ettercap on your network, host 1 isn't sending its passwords to host 2, but to the attacking host, the host that's running Ettercap! The attacking host sends everything on to host 2. This means that host 1 doesn't notice anything! Exactly the same happens with everything that host 2 is sending. Host 2 doesn't send packets directly to host 1, but first to the attacking host.
     

    Facebook Is Using You

    LAST week, Facebook filed documents with the government that will allow it to sell shares of stock to the public. It is estimated to be worth at least $75 billion. But unlike other big-ticket corporations, it doesn’t have an inventory of widgets or gadgets, cars or phones. Facebook’s inventory consists of personal data — yours and mine.


    Facebook makes money by selling ad space to companies that want to reach us. Advertisers choose key words or details — like relationship status, location, activities, favorite books and employment — and then Facebook runs the ads for the targeted subset of its 845 million users. If you indicate that you like cupcakes, live in a certain neighborhood and have invited friends over, expect an ad from a nearby bakery to appear on your page. The magnitude of online information Facebook has available about each of us for targeted marketing is stunning. In Europe, laws give people the right to know what data companies have about them, but that is not the case in the United States.
    Facebook made $3.2 billion in advertising revenue last year, 85 percent of its total revenue. Yet Facebook’s inventory of data and its revenue from advertising are small potatoes compared to some others. Google took in more than 10 times as much, with an estimated $36.5 billion in advertising revenue in 2011, by analyzing what people sent over Gmail and what they searched on the Web, and then using that data to sell ads. Hundreds of other companies have also staked claims on people’s online data by depositing software called cookies or other tracking mechanisms on people’s computers and in their browsers. If you’ve mentioned anxiety in an e-mail, done a Google search for “stress” or started using an online medical diary that lets you monitor your mood, expect ads for medications and services to treat your anxiety.
    Ads that pop up on your screen might seem useful, or at worst, a nuisance. But they are much more than that. The bits and bytes about your life can easily be used against you. Whether you can obtain a job, credit or insurance can be based on your digital doppelgänger — and you may never know why you’ve been turned down.
    Material mined online has been used against people battling for child custody or defending themselves in criminal cases. LexisNexis has a product called Accurint for Law Enforcement, which gives government agents information about what people do on social networks. The Internal Revenue Service searches Facebook and MySpace for evidence of tax evaders’ income and whereabouts, and United States Citizenship and Immigration Services has been known to scrutinize photos and posts to confirm family relationships or weed out sham marriages. Employers sometimes decide whether to hire people based on their online profiles, with one study indicating that 70 percent of recruiters and human resource professionals in the United States have rejected candidates based on data found online. A company called Spokeo gathers online data for employers, the public and anyone else who wants it. The company even posts ads urging “HR Recruiters — Click Here Now!” and asking women to submit their boyfriends’ e-mail addresses for an analysis of their online photos and activities to learn “Is He Cheating on You?”
    Stereotyping is alive and well in data aggregation. Your application for credit could be declined not on the basis of your own finances or credit history, but on the basis of aggregate data — what other people whose likes and dislikes are similar to yours have done. If guitar players or divorcing couples are more likely to renege on their credit-card bills, then the fact that you’ve looked at guitar ads or sent an e-mail to a divorce lawyer might cause a data aggregator to classify you as less credit-worthy. When an Atlanta man returned from his honeymoon, he found that his credit limit had been lowered to $3,800 from $10,800. The switch was not based on anything he had done but on aggregate data. A letter from the company told him, “Other customers who have used their card at establishments where you recently shopped have a poor repayment history with American Express.”
     
     