Social Engineering

What are Sock Puppets in OSINT

Sock puppets, or research accounts, are fictitious online identities that conceal an OSINT investigator’s true identity. They are created to gain access to information that requires an account to view. It is essential to note, however, that creating fake accounts goes against the Terms of Service of some websites, so users are responsible for reading and understanding the Terms of Service of the websites they use. Although creating sock puppets is not usually illegal, it is equally important to check your organization’s policies to ensure you have permission to create and use them.

Purpose of Sock Puppets

Sock puppets are created to keep OSINT research separate from personal life. This ensures that OSINT investigators maintain anonymity and practice good Operational Security (OPSEC). It is crucial to emphasize the importance of separating an OSINT investigator’s real identity from their research accounts.

Some social media platforms, such as Facebook, may expose your identity to the target being investigated through friend recommendations. Additionally, if you use your personal account to conduct online research, you may accidentally like a post or send a friend request to your target. To avoid these risks, create your sock puppets before starting your research. To put it in perspective, imagine a police officer conducting surveillance from their own personal vehicle, which would reveal their identity. You would not do that, right? Similarly, using your personal social media accounts to research a subject is a bad idea because it can expose your real identity.

What are the Sock Puppet Functions?

Sock puppets are used in two modes, passive and active. When you are passive, you do not interact with the target at all. However, your profile might still show up in the “suggested friends” or “people to follow” results, so it is advisable to blend in a little. One way to do this is by choosing a name that fits well with your target group.

Active research means engaging with your target in some way, such as adding them as a friend on Facebook. Blending in with the target group is even more crucial during active research. If you plan on engaging with your target, it is recommended to create a few accounts on different platforms so that the persona looks like a real person.

8 Offensive Security Tools for SysAdmins


Metasploit Framework

Metasploit Framework – an open-source tool for exploit development and penetration testing. Metasploit is well known in the security community. It has exploits for both server- and client-side attacks, with feature-packed communication modules (meterpreter) that make pwning systems fun! The framework now includes Armitage for point-and-click network exploitation. This is the go-to tool if you want to break into a network or computer system.

Defending against Metasploit :

  • Keep all software updated with the latest security patches.
  • Use strong passwords on all systems.
  • Deploy network services with secure configurations.

Ettercap

Ettercap – a suite of tools for man-in-the-middle (MITM) attacks. Once you have initiated a man-in-the-middle attack with Ettercap, use its modules and scripting capabilities to manipulate or inject traffic on the fly. Sniffing data and passwords is just the beginning; inject to exploit FTW!

Defending against Ettercap :

  • Understand that ARP poisoning is not difficult in a typical switched network.
  • Lockdown network ports.
  • Use secure switch configurations and NAC if the risk is sufficient.
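To make the first bullet concrete, here is a small ARP-poisoning detector written for this page as an added example; it is not part of the original article and not Ettercap's own code. It watches IP-to-MAC bindings in a stream of ARP replies and raises an alert whenever an IP that is already bound, or that is pinned as a trusted binding such as the gateway, is suddenly claimed by a different MAC. The sample replies, addresses and the TRUSTED_BINDINGS table are constructed for the demo.

```python
"""Detect ARP cache poisoning from a stream of ARP replies.

Added example (not from the original article): a detector that tracks
IP->MAC bindings and flags any change, which is the symptom ARP poisoning
with a tool like Ettercap produces. All sample data below is constructed.
"""
from collections import defaultdict

# Constructed sample of ARP replies as (timestamp, ip, mac).
# The gateway 192.168.1.1 is legitimately at aa:aa:aa:aa:aa:01; later replies
# claim it at a different MAC, which is exactly what a poisoning host sends.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (2.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (3.0, "192.168.1.1", "bb:bb:bb:bb:bb:99"),  # conflicting binding
    (3.5, "192.168.1.20", "aa:aa:aa:aa:aa:20"),
    (4.0, "192.168.1.1", "bb:bb:bb:bb:bb:99"),
]

# Constructed static bindings (e.g. the gateway) that must never change.
TRUSTED_BINDINGS = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}


def detect_arp_conflicts(replies, trusted=None):
    """Return alerts for ARP replies that change an IP's MAC binding.

    replies: iterable of (timestamp, ip, mac).
    trusted: optional dict ip->mac of known-good bindings; a reply that
             disagrees with one of these is always an alert.
    Returns a list of dicts describing each conflicting reply.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    seen = dict(trusted)  # trusted (or first-seen) binding per IP
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip not in seen:
            seen[ip] = mac  # learn the first binding we observe
            continue
        if seen[ip] != mac:
            alerts.append({
                "time": ts,
                "ip": ip,
                "expected_mac": seen[ip],
                "claimed_mac": mac,
                "trusted": ip in trusted,
            })
    return alerts


def macs_claimed_per_ip(replies):
    """Map each IP to the sorted list of MACs that claimed it (for triage)."""
    claims = defaultdict(set)
    for _, ip, mac in replies:
        claims[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in claims.items()}


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, TRUSTED_BINDINGS):
        print(f"[ARP] {alert['ip']} claimed by {alert['claimed_mac']} "
              f"(expected {alert['expected_mac']}) at t={alert['time']}")
```

Against real data you would feed it entries from a packet capture or from periodic `arp -a` snapshots. The first-seen rule has an obvious caveat: if poisoning started before the detector, the first binding it learns is the wrong one, which is why pinning the gateway and other critical hosts in the trusted table matters. On the switch side, the "secure switch configurations" bullet points at Dynamic ARP Inspection with DHCP snooping, which rejects such replies before a host ever sees them.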

SSLStrip

sslstrip – using HTTPS makes people feel warm, fuzzy, and secure. With sslstrip, this security can be attacked by downgrading the connection to an unencrypted HTTP session, whereby all the traffic is readable. Banking details, passwords, and emails from your boss, all in the clear. It even includes a nifty feature where the favicon on the unencrypted connection is replaced with a padlock, just to keep the user feeling warm and fuzzy.

Defending against sslstrip :

  • Be aware of the possibility of MITM attacks (arp, proxies/gateway, wireless).
  • Look for sudden protocol changes in the browser address bar (not really a technical mitigation!).
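The browser-bar check above leans on the user. The server-side control that removes the downgrade opportunity is HTTP Strict Transport Security (HSTS): a browser that has once seen the site over HTTPS refuses plain HTTP for it afterwards. The audit below is an added example for this page, not part of the original article or sslstrip: it parses Strict-Transport-Security headers and reports policies that are missing, too short-lived, or that leave subdomains uncovered. The responses and hostnames are constructed; nothing is fetched from the network.

```python
"""Audit Strict-Transport-Security (HSTS) headers for downgrade resistance.

Added example (not from the original article). Sample responses are
constructed so the check runs offline.
"""
import re

# Constructed: response headers as seen on three hypothetical HTTPS sites.
SAMPLE_RESPONSES = {
    "no-hsts.example": {"Content-Type": "text/html"},
    "short-hsts.example": {"Strict-Transport-Security": "max-age=300"},
    "good-hsts.example": {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"
    },
}

MIN_MAX_AGE = 365 * 24 * 3600  # one year, the commonly recommended minimum


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into its directives."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            m = re.fullmatch(r'"?(\d+)"?', value.strip())  # value may be quoted
            if m:
                result["max_age"] = int(m.group(1))
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "preload":
            result["preload"] = True
    return result


def assess_hsts(headers, min_max_age=MIN_MAX_AGE):
    """Return a list of findings; an empty list means the policy looks adequate."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header: browser will accept plain HTTP next time"]
    policy = parse_hsts(value)
    findings = []
    if policy["max_age"] is None:
        findings.append("max-age missing: browsers ignore the header")
    elif policy["max_age"] < min_max_age:
        findings.append(f"max-age {policy['max_age']} is below {min_max_age}")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains remain downgradable")
    return findings


def audit(responses):
    """Assess every site in a {site: headers} mapping."""
    return {site: assess_hsts(headers) for site, headers in responses.items()}


if __name__ == "__main__":
    for site, findings in audit(SAMPLE_RESPONSES).items():
        print(f"{site}: {'OK' if not findings else '; '.join(findings)}")
```

HSTS only protects after the first HTTPS visit, so the very first connection to a site is still exposed unless the domain is on the browsers' preload list; that is why the check parses the preload directive but treats it as informational rather than a finding.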

Evilgrade

evilgrade – another man-in-the-middle attack. Everyone knows that keeping software updated is the way to stay secure. This little utility fakes the upgrade and provides the user with a not-so-good update. It can exploit the upgrade functionality of around 63 pieces of software, including Opera, Notepad++, VMware, VirtualBox, iTunes, QuickTime and Winamp! It really whips the llama’s ass!

Defending against evilgrade :

  • Be aware of the possibility of MITM attacks (arp attacks, proxy/gateway, wireless).
  • Only perform updates to your system or applications on a trusted network.
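The "trusted network" bullet is about the channel; the complementary check is to verify what was downloaded before applying it. The snippet below is an added example for this page, not from the original article or from evilgrade: it compares the SHA-256 of a downloaded update with a digest pinned earlier from an authenticated source and refuses anything unknown or mismatched. The update bytes, the filename and the pinned digest are constructed for the demo.

```python
"""Refuse an update whose digest does not match a value pinned in advance.

Added example (not from the original article). The payload bytes and the
pinned digest table are constructed for the demo.
"""
import hashlib
import hmac

# Constructed: digests published by the vendor over an authenticated channel
# (its HTTPS site or a signed manifest) and pinned at install time.
PINNED_DIGESTS = {
    "editor-1.2.3.bin": hashlib.sha256(b"genuine update payload v1.2.3").hexdigest(),
}


def sha256_hex(data):
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def verify_update(filename, data, pinned=PINNED_DIGESTS):
    """Return (ok, reason). An update must never be applied when ok is False."""
    expected = pinned.get(filename)
    if expected is None:
        return False, f"no pinned digest for {filename}; refusing unknown update"
    actual = sha256_hex(data)
    # compare_digest runs in constant time, so timing does not reveal how
    # many leading characters of the digest matched.
    if not hmac.compare_digest(actual, expected):
        return False, (f"digest mismatch for {filename}: got {actual[:12]}..., "
                       f"expected {expected[:12]}...")
    return True, "digest matches pinned value"


if __name__ == "__main__":
    genuine = b"genuine update payload v1.2.3"
    tampered = b"genuine update payload v1.2.3 + injected code"
    print(verify_update("editor-1.2.3.bin", genuine))
    print(verify_update("editor-1.2.3.bin", tampered))
    print(verify_update("unknown-2.0.bin", genuine))
```

A pinned digest is only as trustworthy as the channel it came from, so a real update mechanism should carry a vendor signature over the package and verify it with a public key shipped inside the application; the refuse-by-default logic and the constant-time comparison stay the same either way.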

Social-Engineer Toolkit

Social-Engineer Toolkit (SET) – makes creating a social-engineered client-side attack way too easy. It creates the spear phish, sends the email and serves the malicious exploit. SET is the open-source client-side attack weapon of choice.

Defending against SET:

  • User awareness training around spear phishing attacks.
  • Strong Email and Web filtering controls.

sqlmap

sqlmap – SQL injection is an attack vector that has been around for over 10 years, yet it is still the easiest way to get dumps of entire databases of information. sqlmap is not only a highly accurate tool for detecting SQL injection, but it also has the capability to dump information from the database and even to launch attacks that can result in operating system shell access on the vulnerable system.

Defending against sqlmap :

  • Filter all input on dynamic websites (secure the web applications).
  • Use mod_proxy or other web-based filtering controls to help block malicious injection attacks (not ideal, as attackers are often able to bypass these web application firewalls (WAFs)).
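The first bullet is the real fix. The example below, added for this page and not taken from the original article or from sqlmap, shows the defect sqlmap detects next to its remedy: a string-built query against an in-memory SQLite users table returns every row for a tautology probe, while the parameterized version treats the same input as data and matches nothing. An allowlist validator is included as the defence-in-depth layer the "filter all input" bullet asks for. The table contents, usernames and inputs are constructed.

```python
"""A string-built SQL query beside its parameterized replacement.

Added example (not from the original article). Uses an in-memory SQLite
database with a constructed users table so it runs stand-alone.
"""
import re
import sqlite3

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def make_db():
    """Build the constructed users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, username):
    """Concatenates untrusted input into the SQL text. This is the defect
    sqlmap finds: the input can rewrite the WHERE clause."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_user_safe(conn, username):
    """Parameterized query: the driver sends the value separately from the
    SQL text, so the input can never change the query's structure."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def validate_username(username):
    """Allowlist check on the input. Defence in depth only; it does not
    replace parameterization, which is what actually closes the hole."""
    return bool(USERNAME_RE.match(username))


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"  # classic tautology probe
    print("vulnerable:", lookup_user_vulnerable(conn, probe))  # every user
    print("safe:      ", lookup_user_safe(conn, probe))        # no match
    print("allowlist: ", validate_username(probe))             # False
```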

aircrack-ng

aircrack-ng – breaking holes in wireless networks for fun and profit. A suite of tools that enables all manner of wireless network attacks.

Defending against aircrack-ng:

  • Never use WEP.
  • When using WPA2 with pre-shared keys, ensure passwords are strong (10+ characters non-dictionary based passwords).

oclHashcat

oclHashcat – need to get some passwords from the hashes you grabbed with sqlmap? Use this tool to bust them open. Over 48 different hashing algorithms are supported. It will use the GPU on your graphics card (if supported) to crack those hashes many times faster than your clunky old CPU.

Defending against oclHashcat:

  • Passwords are the weakest link. Enforce password complexity.
  • Protect the hashed passwords.
  • Salt the hashes.
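The last two bullets in code: an added example for this page (not from the original article or from oclHashcat) using the standard library's PBKDF2-HMAC-SHA256 with a random 16-byte salt per password, a stored-record format that carries the salt and work factor, and a constant-time verify. An unsalted SHA-1 helper sits beside it to show why the fast, unsalted form is what cracking tools feast on: identical passwords produce identical hashes, so one crack covers every account sharing that password. The passwords and the iteration count are chosen for the demo.

```python
"""Salted, slow password hashing with a constant-time verify.

Added example (not from the original article). Uses only the standard
library; the demo passwords below are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware allows
ALGO = "pbkdf2_sha256"


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = os.urandom(16)  # unique per password, so equal passwords differ
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the salt and work factor carried in the record."""
    try:
        algo, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest prevents timing from revealing a partial match.
    return hmac.compare_digest(dk.hex(), hash_hex)


def unsalted_sha1(password):
    """The form cracking tools chew through: fast and unsalted, so every
    user with the same password shares one hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong guess", record))                   # False
    # Two users, same password: salted records differ, unsalted hashes do not.
    print(hash_password("same-password") != hash_password("same-password"))  # True
    print(unsalted_sha1("same-password") == unsalted_sha1("same-password"))  # True
```

The iteration count is a tunable cost: raise it as hardware gets faster, and because the record stores the count, old hashes keep verifying until they are rehashed at the next login. Argon2 or scrypt (hashlib.scrypt) are preferable where available; PBKDF2 is used here because the standard library guarantees it.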