Description: <div style="text-align: justify;">In this video, loganWHD from Social-Engineer.org demonstrates how to conduct a phishing attack on a company employees using the Social Engineers Toolkit (SET). He creates a professional looking website using SET and sends a link to the victim. Though in this example, email is being used to distribute the malicious website link, one could also have used XSS vulnerabilities or other social engineering techniques to get the victim to click the link and open it in his browser. Once the malicious site loads, it prompts the user to install a Java Applet, which seems to be from the "Microsoft Corporation". Though it is clearly visible that the origin of the applet is unknown, as the digital signature on the applet cannot be verified by the browser, most users will simply run it, as they see the "Microsoft Update" and "Microsoft Corporation" labels on it. Once the applet executes, it connects back to loganWHD's machine and gives him access to a command shell. GAME OVER! <br><br>This video once again demonstrates how a simple malware applet as in this case, can fool gullible users into running it by posing as a legitimate applet from a trusted source such as Microsoft. <br><br>We would recommend that you download the Social Engineering Toolkit and try this attack out yourself. Thanks to loganWHD for posting this video on SecurityTube! <br><br><br></div><style type="text/css">body { background: #FFF; } </style>
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.