Lesson 20 : Introduction To Phishing Attacks Video Lecture | Ethical Hacking using Kali Linux (in English) - Software Development

hey guys welcome to the next tutorial
for ethical hacking and penetration
testing with Kali Linux so in the
previous tutorial we took a look at
trace route and it has different tools
and different ways to gather information
about IP addresses OS fingerprinting via
tools which are outside of Kali Linux
not inside and I will be teaching you
the different tools that we have in set
Kali Linux but so far we have discussed
ways techniques of gathering information
either with the help of online resources
or tools but now I will discuss
footprinting through social engineering
that is the art of grabbing information
from people by manipulating them and
this section will cover the social
engineering concept and techniques used
to gather information so social
engineering is the art of convincing
people to reveal confidential
information social engineers depend on
the fact that people are unaware of
their valuable information and they're
very careful careless about protecting
it so although some people say that
social engineering is a totally
non-technical process I don't agree with
that what you would need to go and do
some social nearing attack would be at
least the basic knowledge of whatever
information you are trying to gather may
it be the credit card or debit card
passwords or the company information or
anything you need to have information
about that and you need a lot of
confidence to talk about that so that
the person in front of you thinks you
are genuine so social meaning is the
attack in which the attacker tricks the
person and obtains confidential
information about the target in such a
way that target is unaware of the fact
that someone is trying to steal the
information the attacker actually plays
a very you can say a scanning game with
the target to obtain confidential
information
the attacker takes advantage of the
helping nature of people and the
weakness to provide confidential
information so however there can be a
different ways of social engineering
attack in the previous days there was a
great hacker his name was kevin Mitnick
i'll just score and show you out his
profile he was the best high he's the
best hacker of all time and he was a
Fisher Fisher means he mostly used to do
phishing attacks by calling people and
telling them that I am this guy and he
will he stole
number of amounts billions of dollars
and but later on he was caught by the
FBI and he was incarcerated but after
five years when he came back he started
his own security agency and now he's a
very good security consultant so he can
go and watch his tutorials at Def Con
and he is quite good
he's if you go and even search the best
hacker in the world the first name would
be color that would come myself kevin
Mitnick and it's so if what you and he's
the best social engineer that this world
has ever had I can say that because as
you can see I'll just go take you
through Wikipedia so as you can see that
in 1999 he was convicted of various
computer crimes and he was the most
wanted hacker in the United States so
simple iam if you don't know what
imperium is the latest hacking tool for
an Android operating system and I I must
did not knew that kevin Mitnick made
that previously it was known as D
exploit and now it's known as Imperium
and it is Fisher attack it is an
application to go ahead and do phishing
attack I can continue I want to continue
okay
how do I continue over to check okay
although it may show that there are
difference there is nothing because the
reason being that des products can see
that it has merged with empyrion zante -
which is as of now free and simple IAM
is very good in fact but i would
officially support des plot even though
simple IAM is quite better than the
exploit the reason being that it is it
does not have an offline version which i
can do by using the DRDs which ES and
offline version so in this K perfect so
this was developed by kevin Mitnick and
yep so he was the best hacker for time
he suggests let us say for example he
used to just call and tell them hey I am
calling you from this company and due to
this reason your card was blocked with
card was hacked so KN just him and he
will not even ask you the total let's
say your card number
it was just good I ask you the last four
digits or he has this receiving number
and he will gather the first few digits
from somewhere else or he will call
sometime later on or some weeks later on
us even someone stated on and it will
ask you only the first 12 digits and he
used to gather information separately
that was the best part that no one was
even bothered to think that okay he is
just asking for the only one or two are
parts of my whole card and they used to
simply give them out and he had into
several different parts and that's how
and also this specific part in Cal Linux
I can just go ahead and show it out to
you it was developed by kevin Mitnick
and someone else I believe his name is
David so I'll just wouldn't owe you he
developed this social engineering
toolkit and yes perfect
so we have these different attacks and
of social engineering which we can do
but these are a bit technical and then
which I was telling you was
non-technical
so to gain a to perform social
engineering attack you first need to
gain the confidence of the authorized
user and then trick him or her into
revealing confidential information the
basic goal of social engineer
aggghhhhh is to obtain required
confidential information and then use
the information for hacking attempt such
as gaining unauthorized access to the
system identity theft
industrial espionage and many more so
social engineering can be performed in
many ways such as eavesdropping shoulder
surfing dumpster driving impersonation
on social engineering attacks and so on
so collecting information using
eavesdropping shoulder surfing and
dumpster diving is quite different which
normally we you won't do but that is
also quite a very risky that's why
people normally use these days a machine
Strider to go ahead and shred all of the
documents before they actually go ahead
and put it in the garbage heap dropping
is just going ahead and listening to
some people's conversation can be either
by going near to them or by using any
other techniques such as through phones
or hacking into their phones or webcams
and camera and the best part of it is
that you can do all of these things with
just with the use of Kali Linux you
don't need to call them you don't need
to do anything and you can go ahead and
hack into their webcam or you can go and
create fake websites like phishing
attacks only by going to Harry and using
the Kali Linux after that we have
Dempster driving 20 or driving is also
known as thrashing where the attacker
looks for the information in the target
companies dumpster gay tiger may gain
vital information such as phone bills
counter information financial
information and you are wondering that
how dumpster diving can be useful it can
be something like this let's say for
your company has a lot of let's say IT
bills or not IT bills exactly let's say
due to some reason