New Detection Technique – Social Engineering Toolkit

January 26, 2015 | Garrett Gross

Have you ever heard of “penetration testing” (or “pen testing”)? That’s when a security professional tries to hack into their own (or their client’s) environment to ensure that the security controls put in place are, in fact, functioning properly. It’s a great technique and can uncover some overlooked soft spots in an organization’s defense.

Historically, experts in the field using ad hoc tools and techniques have done this type of testing but the increasing availability of ready-made toolkits on the internet makes pen testing accessible to even those with less developed skill sets. The unfortunate result is that criminals, regardless of their skill level, can (and will) use these tools against their victims, allowing them to execute attacks essentially with the push of a button.

A particularly powerful example is the “Social Engineer Toolkit” (SET), it is a tool aimed at penetration testing around Social Engineering. Social Engineering refers to the manipulation of people into carrying out actions or revealing confidential information with the purpose of information gathering, fraud, or system access. Some examples of social engineering are: Baiting, Phishing, Spam, Spear phishing. SET is pre-loaded with these various attack sequence and more.

SET allows attackers to execute complicated attacks quickly and in rapid succession. These extremely sophisticated attacks are carried out using techniques that, previously, were only available to those with advanced skill sets.

The AlienVault Labs team has recently released several IDS signatures and a correlation rule to AlienVault USM to detect when a user in your network environment is being attacked with the Social Engineer Toolset. You can get more details on the latest USM threat intelligence updates here.

Garrett Gross

About the Author: Garrett Gross

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.

Read more posts from Garrett Gross ›


Watch a demo ›
Get price Free trial