1
00:00:01,230 --> 00:00:08,840
In this section I will focus more about the tools that can be used in social engineering.
2
00:00:09,210 --> 00:00:14,850
It's not really an attack per se. But it will show you that you should not trust anything.
3
00:00:14,940 --> 00:00:22,900
Email can be spoofed, SMS can be spoofed, mobile or a cellular number can be spoofed.
4
00:00:22,920 --> 00:00:30,360
So my point is people trust e-mail blindly; they receive an e-mail coming from their manager.
5
00:00:30,390 --> 00:00:32,670
They will execute whatever is inside.
6
00:00:32,670 --> 00:00:36,090
They will never think that mail can be spoofed or fake.
7
00:00:36,090 --> 00:00:37,860
Same concept apply for.
8
00:00:37,890 --> 00:00:40,510
You receive an SMS from your bank.
9
00:00:41,040 --> 00:00:42,740
You think it cannot be faked.
10
00:00:42,750 --> 00:00:51,320
It can be faked, mobile number it can be checked, so it's not really an attack per se. It's more into the
11
00:00:51,360 --> 00:00:54,240
tools that are used in the attack.
12
00:00:54,930 --> 00:01:02,270
So if a malicious hacker utilizes such tools, it would be very easy for him to convince anyone to do anything
13
00:01:02,310 --> 00:01:04,320
that you want him to do.
14
00:01:04,320 --> 00:01:08,910
So if I sent an email coming from your friend or from your manager.
15
00:01:09,720 --> 00:01:20,910
If you don't have enough background, or you are not aware enough, you may be spoofed by this email and
16
00:01:20,910 --> 00:01:25,960
you will trust that the email is coming from this sender.
17
00:01:26,700 --> 00:01:34,800
So the first thing I want to show you, it's the spoofed website or the fake, I'm sorry, the spoofed email
18
00:01:34,890 --> 00:01:36,420
or the fake email.
19
00:01:36,600 --> 00:01:40,690
If you search on Google for fake email, you will see this specific website.
20
00:01:40,710 --> 00:01:43,020
This is a quite interesting website.
21
00:01:43,020 --> 00:01:44,730
It's free.
22
00:01:44,730 --> 00:01:46,390
It's very effective.
23
00:01:46,740 --> 00:01:53,250
Most probably it will go to your inbox; if you don't have a proper mail setting, it may go to the junk
24
00:01:53,280 --> 00:01:56,020
but it may go to the inbox; you can test it.
25
00:01:56,070 --> 00:02:03,180
You can fake an email showing it's coming from anyone to anyone, and you can attach whatever you want;
26
00:02:03,180 --> 00:02:10,070
you can send it in a text or as an HTML; it will show like, you know, the message coming from LinkedIn
27
00:02:10,080 --> 00:02:12,750
or from Twitter or this kind of thing.
28
00:02:12,930 --> 00:02:21,750
So using such a tool it's very very convenient and the noise they are keeping such website up and running
29
00:02:22,260 --> 00:02:24,530
because actually this is very dangerous.
30
00:02:24,600 --> 00:02:26,490
So let's try them here.
31
00:02:26,490 --> 00:02:27,650
I'm going to send the mail.
32
00:02:27,690 --> 00:02:39,060
That choice coming from John Smith's and I'm going to put an email or let's make it a let's make a mess
33
00:02:39,570 --> 00:02:44,970
and Zamir will be coming from John Smith's ABC dot com you can put anything you want.
34
00:02:44,970 --> 00:02:46,260
I can type this mess
35
00:02:49,410 --> 00:02:51,480
she Smyth's
36
00:02:54,250 --> 00:03:06,760
at Princeton as and dot com and we're going to send this e-mail to myself.
37
00:03:06,760 --> 00:03:09,520
I'm going to send it to different email.
38
00:03:09,790 --> 00:03:21,810
So let's try it was the emails that I'm using on my this thing MacBain and started at 3 AM talk of
39
00:03:24,830 --> 00:03:35,520
at g m x dot com.
40
00:03:39,860 --> 00:03:44,200
You the next.
41
00:03:46,100 --> 00:03:54,380
And that's why any such book as you made.
42
00:03:54,390 --> 00:03:56,750
Let me put any trust in me.
43
00:03:57,210 --> 00:03:57,850
OK.
44
00:03:57,890 --> 00:04:00,720
So the point is that can I if an email or not.
45
00:04:00,740 --> 00:04:01,920
Let's see.
46
00:04:02,660 --> 00:04:05,180
And I'm Robert
47
00:04:08,370 --> 00:04:16,990
and let's send it now he's saying this e-mail has been successfully sent.
48
00:04:17,230 --> 00:04:21,080
Let's see if this is the case.
49
00:04:21,270 --> 00:04:22,840
I'm going to get to my mobile phone.
50
00:04:23,110 --> 00:04:28,210
Now this can be used on mobile or on a computer or whatever.
51
00:04:29,210 --> 00:04:31,790
And let's see.
52
00:04:31,800 --> 00:04:33,700
Are we going to get anything going.
53
00:04:33,700 --> 00:04:37,760
Let me refresh it again.
54
00:04:38,320 --> 00:04:43,200
It's coming from John Smiths which it's not an existing person.
55
00:04:43,390 --> 00:04:50,010
And as you can see, it's showing that it came from John Smiths and this is his email to my e-mail.
56
00:04:50,020 --> 00:05:00,280
So imagine what can be done using this tool that you can like convince someone that an e-mail he received
57
00:05:00,280 --> 00:05:08,290
coming from his manager or his wife or his girlfriend or whatever was the case and you try to convince
58
00:05:08,290 --> 00:05:13,650
him what it was with or it may show it's coming from Microsoft or it's coming from their bank.
59
00:05:13,870 --> 00:05:16,640
But I have to tell you this is completely illegal.
60
00:05:16,660 --> 00:05:18,880
And in some countries it's a federal crime.
61
00:05:19,180 --> 00:05:25,220
So it's not something to play with. If you are doing a proper penetration testing in any organization
62
00:05:25,300 --> 00:05:32,650
and you see you need to check if people have enough awareness that if they received a suspicious e-mail
63
00:05:32,650 --> 00:05:34,030
they will verify.
64
00:05:34,720 --> 00:05:35,890
You can use these tools.
65
00:05:36,100 --> 00:05:39,340
Now only one weakness we have with such tools.
66
00:05:39,340 --> 00:05:40,570
It's a one way process.
67
00:05:40,600 --> 00:05:46,440
I mean you can send an e-mail showing that it's coming from someone.
68
00:05:47,110 --> 00:05:53,940
But what if the victim replied back? The reply will be going to the right person.
69
00:05:53,960 --> 00:05:56,930
That's why when people use such tools they will never ask.
70
00:05:57,010 --> 00:06:00,070
They will never ask you to reply back.
71
00:06:00,130 --> 00:06:04,600
They will usually ask you to do something and says a minute please click on the link please download
72
00:06:04,600 --> 00:06:10,390
the attachment, but they will never ask to reply back sending them your credential or any kind
73
00:06:10,390 --> 00:06:11,360
of information.
74
00:06:11,740 --> 00:06:17,800
So if you receive an email and you are suspecting that this is a fake email, you can try
75
00:06:17,800 --> 00:06:21,270
to reply back asking that you send me this email.
76
00:06:21,310 --> 00:06:26,270
This would be going to the website and same concept apply for any spoof technique.
77
00:06:26,320 --> 00:06:32,810
If you received a fake Ngubane fake phone call from a fake number.
78
00:06:33,550 --> 00:06:37,730
You can try to disconnect and call them back and so on.
79
00:06:37,750 --> 00:06:47,230
So this is one of the tool that if you use such tool is a technique that we explain in the previous
80
00:06:47,230 --> 00:06:49,300
lecture it would give you an
81
00:06:52,180 --> 00:06:54,420
extremely good results.
82
00:06:54,820 --> 00:06:58,660
But one more time this should be done in a proper frame.
83
00:06:58,720 --> 00:07:02,200
If you are doing good penetration testing with right I prefer.