
SOCIAL ENGINEERING
THE SWEET ART OF HACKING MINDS

Rafael Jaques
@rafajaques

#FISL13
28.07.2012

If any of you lacks wisdom,
let him ask God, who gives to all
freely and willingly;
and it will be given to him.
James 1:5

Attention!
The information in this presentation is for informational purposes
only. The knowledge and techniques covered are not meant to teach
how to deceive people or to gain any kind of advantage over
others.
The aim is only to demonstrate the weak points that exist in
corporations and systems so that these weaknesses can be remedied.

Before we begin, there are
a few things you need to know...

Are you going to talk about extreme cases?

YES!

Will I leave here paranoid?

YES!

Can I use these techniques for evil?

That's not the idea...

Everyone ready? Then let's go!

60%
admit to having stolen
some kind of information
when leaving a job.

Scoundrels!

in every 10
still have access to information
after leaving the company.

These days the

TARGETS
are

PEOPLE
and no longer systems.

1. What is Social Engineering?

The skillful manipulation of the
natural human tendency
to trust.

But why attack a person
and not a system?

But how do you attack using
Social Engineering?

Win the target's trust

Make them feel safe

Mix the questions in with harmless ones

Leave them with a sense of duty fulfilled

Who uses Social Engineering?

But why does Social Engineering work?

Facing a broad battle front,
look for the weakest point, and there,
attack with your greatest strength.

Sun Tzu - The Art of War

And what is the weakest point?

PEOPLE!

People tend to believe

People want to help

People are complacent

... and impatient too!

Social engineers are good with emotions!

Some statistics from the land of Uncle Sam...

In 2009 alone...

11 million
people were victims
of identity theft.

In 2009 alone...
Total fraud
amounted to approximately

US$ 54 billion

In 2009 alone...
Victims spent on average

21 hours
and
US$373

resolving the crime!

13%
of identity fraud
was committed by someone
the victim knew.

2. Characteristics of a Social Engineer

Well presented

A good observer

Takes advantage of innocence

Communicates well

Uses their voice well

Gets the victim to hand over the gold voluntarily

Kevin D. Mitnick

Let's learn a little from
his story!

Hackers 2:
Operation Takedown

If you feel like watching it,
the whole movie is on YouTube!
http://youtu.be/nVPV5dzM0yY

3. How Does Social Engineering Manifest Itself?

E-mails

Is there an ice-white Beetle
parked in front of
your house?

Telephone

Letter

In person

4. Social Engineering Techniques

Dumpster Diving

Shoulder Surfing

Impersonation

http://www.silicon.com/technology/hardware/2007/12/10/criminals-posing-as-police-burgleverizon-data-centre-39169416/

Rush / No Authentication

Phone Phishing

Data Collection

Phishing / SCAM

74%
...of the spam reported in 2010
was for pharmaceutical products.

VIAGRA!

How to identify it?

If the link ends in .php,
then it's a virus. :P (just kidding)

http://fidelidade.promocaoscielo.com

http://info.abril.com.br/noticias/seguranca/brasilieiros-sao-os-que-mais-sofrem-phishing-19042011-30.shl
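The slide above asks how to tell a phishing link from a real one. Added here as an example (it is not code from the original slides or from the author): a small Python link-triage helper that automates the checks a careful reader would do by hand: whether the registrable domain is one the brand really owns, whether the host is a raw IP address, whether the URL hides a fake host before an `@`, and whether the displayed link text and the actual target disagree. The brand `examplebank.com.br`, its allowlist and the keyword list are constructed assumptions; the slide's own `fidelidade.promocaoscielo.com` link is reused as one sample input, and the public-suffix handling is deliberately simplified.

```python
# Added example, not from the original slides: heuristic link triage for phishing awareness.
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical brand "examplebank" (assumption, not a real bank).
LEGIT_DOMAINS = {"examplebank.com.br", "examplebank.com"}
# Words a lure would use to look like that brand; constructed for this example.
BRAND_KEYWORDS = ("examplebank", "fidelidade", "promocao")
# Public suffixes under which the registrable domain has three labels.
# Simplified on purpose; a real tool would use the full Public Suffix List.
THREE_LABEL_SUFFIXES = {"com.br", "net.br", "org.br", "gov.br", "co.uk"}


def registrable_domain(host: str) -> str:
    """Return the part of the hostname that someone actually had to register."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in THREE_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True when the host is a bare IPv4/IPv6 address instead of a name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_host(text: str) -> bool:
    """Only compare link text to the target when the text itself looks like a site name."""
    return "." in text and " " not in text


def triage_link(url: str, display_text: str = "") -> list[str]:
    """Return the list of red flags found in a link (an empty list means none)."""
    reasons = []
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    # "brand.com@other.example": the browser connects to what comes AFTER the '@'.
    if parts.username is not None:
        reasons.append("credentials-in-url")
    if is_ip_literal(host):
        reasons.append("ip-address-host")
    else:
        domain = registrable_domain(host)
        # Brand words in the hostname, but the registered domain is not the brand's.
        if domain not in LEGIT_DOMAINS and any(k in host for k in BRAND_KEYWORDS):
            reasons.append(f"brand-lookalike:{domain}")
    # Link text that shows one site while the real target is another.
    if display_text and looks_like_host(display_text):
        shown_url = display_text if "://" in display_text else "http://" + display_text
        shown = urlsplit(shown_url).hostname or ""
        if registrable_domain(shown) != registrable_domain(host):
            reasons.append("display-target-mismatch")
    return reasons


if __name__ == "__main__":
    # Constructed sample links; the promocaoscielo one is the slide's own example.
    samples = [
        ("https://www.examplebank.com.br/fidelidade", ""),
        ("http://fidelidade.promocaoscielo.com", ""),
        ("http://examplebank.com.br@198.51.100.7/login", ""),
        ("http://examplebank.com.br.promocoes-online.net/", "www.examplebank.com.br"),
    ]
    for link, shown in samples:
        flags = triage_link(link, shown)
        print(f"{link:55} -> {', '.join(flags) or 'no red flags'}")
```

The point for awareness training is the same as the slide's: what matters is the registered domain just before the public suffix, not the words in front of it and not the file extension at the end.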

The CD-R technique

Hackers 2:
Operation Takedown

A clip demonstrating some
techniques in action!

5. Goals of Social Engineering

Getting out of trouble

Making money by stealing or
selling the victim's data

Industrial espionage

Personal satisfaction

Pure mischief

6. Risk Factors

Do you write down your passwords?

Always the same passwords?

My password is
123!

Do you talk on the phone?

Do you stay logged in when you leave?

Insider threats

7. Want to See How Much You Expose Yourself?

How do you
behave on social
networks?

And in the real world?

8. Social Engineering and Social Networks

Stuffed with data

No great skill required

The information is public

Fake authentication

Easy to influence

9. Learn to Protect Yourself!

Become familiar
with the techniques!

Educate those
around you.

Formalize the procedures
for accessing data.

THE

DEADLY
WEAKNESSES
by Cisco

1. Sex Appeal

2. Greed

3. Vanity

4. Trust

5. Laziness

6. Compassion

7. Urgency

But now...
Where do I learn more?

Books

Sites
Social Engineering Framework (en_US)
http://www.social-engineer.org/framework/
Symantec Security Articles (en_US)
http://www.symantec.com/connect/security/articles
Social Engineering Toolkit (pt_PT)
http://ptcoresec.eu/SET.pdf

Questions?
I didn't understand
a thing!

Thank you!
Rafael Jaques
rafa@php.net
phpit.com.br
@rafajaques
slideshare.net/rafajaques

References

+ Sources consulted
- Talks
Entendendo a Engenharia Social : Daniel Marques : http://www.slideshare.net/danielcmarques/entendendo-a-engenharia-social
Engenharia Social : Marcelo Lau : http://www.slideshare.net/datasecurity1/engenharia-social
Social Engineering - Exploiting the Human Weakness : Wasim Halani : http://www.slideshare.net/washal/social-engineeringcasestudy
Social engineering & social networks : Sharon Conheady : http://www.slideshare.net/infosec10/social-engineering-socialnetworks-public-version
- Sites
http://www.us-cert.gov/cas/tips/ST04-014.html
http://www.cisco.com/web/about/security/intelligence/mysdn-social-engineering.html
http://www.social-engineer.org/framework/Social_Engineers:_Disgruntled_Employees#Statistics
http://www.fraudes.org/showpage1.asp?pg=7
http://www.symantec.com/business/threatreport/topic.jsp?id=highlights
http://www.massachusettsnoncompetelaw.com/
http://en.wikipedia.org/wiki/Social_engineering_(security)
http://www.spendonlife.com/blog/2010-identity-theft-statistics
http://mashable.com/2011/01/20/black-hat-hacking-stats/
http://www.consumerfraudreporting.org/internet_scam_statistics.htm
http://informatica.terra.com.br/virusecia/spam/interna/0,,OI126626-EI2403,00.html
http://press.pandasecurity.com/wp-content/uploads/2011/01/The-Cyber-Crime-Black-Market.pdf
http://monografias.brasilescola.com/computacao/seguranca-informacao-vs-engenharia-social-como-se-proteger.htm
http://www.iwar.org.uk/comsec/resources/sa-tools/Social-Engineering.pdf
http://www.esha.be/fileadmin/esha_files/documents/SHERPA/Report_on_mechanism_of_social_engineering.pdf
http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html
http://www.securingthehuman.org/blog/2011/01/22/social-engineering-deadly-weaknesses
http://info.abril.com.br/noticias/seguranca/brasilieiros-sao-os-que-mais-sofrem-phishing-19042011-30.shl
http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm
http://www.pcworld.com/article/182180/top_5_social_engineering_exploit_techniques.html
http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics

Media

Images:
Cover - Master of Puppets - http://www.flickr.com/photos/50417132@N00/2178362181
Person Icon http://edge-img.datpiff.com/ma336d2d/DeeZee_Too_Be_Continued_-back-large.jpg
Calling http://www.flickr.com/photos/37475356@N00/5740461432
Suit and Tie http://www.flickr.com/photos/55046645@N00/475680145
Pierce Brosnan http://osolimpianos.files.wordpress.com/2009/05/jamesbond.jpg
Computer Geek http://www.flickr.com/photos/18519023@N00/3498738259
Seller http://www.flickr.com/photos/larskflem/93753458/in/photostream/
Multiple Faces http://www.flickr.com/photos/56695083@N00/4470486685/
Drunk Guys http://www.flickr.com/photos/82605142@N00/86601569
Puss in Boots http://www.jpegwallpapers.com/images/wallpapers/Puss-In-Boots-Shrek-497126.jpeg
Mother http://www.flickr.com/photos/brandoncwarren/5088547448/in/photostream/
Dumpster Diving http://www.flickr.com/photos/75054419@N00/460133621
Distrustful http://www.flickr.com/photos/37354253@N00/388468654
Climb on giant tubes http://www.flickr.com/photos/squeakywheel/379078841/in/photostream/
Shang Tsung http://www.umk3.net/images/portrait/shang_tsung.gif
Shoulder Surfing http://www.flickr.com/photos/16258917@N00/2785190754
Fisherman http://www.flickr.com/photos/41346951@N05/5187103981
Red Telephone http://www.flickr.com/photos/pulpolux/151179802/
Spam http://www.ciromota.net/wp-content/uploads/2008/10/spam.jpg
Setting Up Email Account http://www.flickr.com/photos/pieterouwerkerk/698618765/in/photostream/
Viagra http://www.n24.de/media/_fotos/bildergalerien/002011/valentinstag_1/7611575.jpg
Pic of Email Screen (SPAM) http://www.fastactiontraining.com/wp-content/uploads/2010/10/Pic-of-Email-Screen.jpg
Jornal Hoje http://4.bp.blogspot.com/_OZcgbN6AowE/S7uYcZuhbqI/AAAAAAAAAWQ/SKOM0o-_mIQ/s1600/jornal+hoje_globoc%C3%B3pia.jpg
Baby at Computer http://www.flickr.com/photos/65315936@N00/5511409574
Impressed http://www.flickr.com/photos/64114868@N00/1019654125
Security Guy http://www.flickr.com/photos/51035555243@N01/268524287
Head in Hand http://www.flickr.com/photos/34120957@N04/4199675334
White Ninja http://www.flickr.com/photos/cverdier/3893327741/
Lady Cat http://sweettater.files.wordpress.com/2010/03/cimg3458.jpg
God of War http://wallpapers.freewallpapers.im/images/2011/02/1024x600/god-of-war-2-game-1935.jpg

Maísa e Sílvio http://4.bp.blogspot.com/__UIUXK-sJhk/TOpBsG7XJwI/AAAAAAAABKM/DPuyUeFuTXk/s1600/maisa-esilvio.jpg
Engineer at Work http://www.flickr.com/photos/hammershaug/4494291610/
Password Security http://www.getadvanced.net/images/uploads/Computer_Password_-_Security_Breach.jpg
Bum Shot http://www.flickr.com/photos/63423942@N00/497052735
Written Password http://www.flickr.com/photos/22871132@N00/4051530414
Japanese Guys http://img23.imageshack.us/img23/4451/1304026587.jpg
Talk at Phone http://www.flickr.com/photos/colorblindpicaso/2717409111
Call From Home http://www.flickr.com/photos/91672050@N00/257496969
Handshake http://www.flickr.com/photos/65484951@N00/252924532
Uncle Sam http://pslawnet.files.wordpress.com/2011/04/uncle-sam.jpg
Mr. Box Man http://www.flickr.com/photos/ollesvensson/3686050837/
Mails http://www.flickr.com/photos/comedynose/5666793668/
V for Vendetta http://www.flickr.com/photos/edans/5400848923/
Thinking http://www.flickr.com/photos/jakecaptive/3205277810/
Soldiers http://www.flickr.com/photos/19743256@N00/2223783127
Feet Up http://www.flickr.com/photos/81785266@N00/125463026
Chat http://www.flickr.com/photos/62597560@N00/258434606
Why you Meme http://clipartsy.com/FAVS/FAVICONIC.NET/April/y_u_no_guy_y_u_no-1331px.png
Hand in hand http://www.flickr.com/photos/26993091@N08/4718225577
Police Car in the Snow http://www.flickr.com/photos/64844023@N00/4198908464
Friends http://www.flickr.com/photos/43081986@N00/115112704
Impatient http://www.flickr.com/photos/45842803@N00/4795997639
Thinking http://www.flickr.com/photos/7320299@N08/3283431745
Social Media http://2.bp.blogspot.com/_m5OYm6Jx05Q/TVK1A53STtI/AAAAAAAAAZk/2iuw4Io838k/s1600/social_networks.jpg
Band of Brothers http://www.flickr.com/photos/17149966@N00/460670492
Weakest Link http://www.flickr.com/photos/53611153@N00/465459020
Crowd http://www.flickr.com/photos/84856173@N00/3786725982
Lazy http://www.flickr.com/photos/superfantastic/3010891914/
Coins http://www.flickr.com/photos/restlessglobetrotter/3824486278/
Wireless Fail http://www.flickr.com/photos/bnilsen/2880929094/
The Thinker http://www.flickr.com/photos/53611153@N00/5827849044

My Files http://www.flickr.com/photos/84172943@N00/5352825299
CD-R http://www.flickr.com/photos/45382171@N00/1515739697
Inside Outside http://www.flickr.com/photos/followtheseinstructions/5571697149/
Pole Dance http://www.flickr.com/photos/46854683@N04/4547706741
Seller http://www.flickr.com/photos/17768970@N00/4485455723
Thumbs up http://www.flickr.com/photos/37961843@N00/6265449
Greed http://www.flickr.com/photos/calliope/2207307656/
Dress Table http://www.flickr.com/photos/centralasian/5968327542/
Trust http://www.flickr.com/photos/43132185@N00/196015953
Sloth http://www.flickr.com/photos/28442702@N00/279470157
Compassion http://www.flickr.com/photos/29553188@N07/3573969837/
Running http://www.flickr.com/photos/51035555243@N01/287666827
Files http://www.flickr.com/photos/juniorvelo/3267647833/
Goofy http://www.flickr.com/photos/42dreams/73838574/
Library http://www.flickr.com/photos/51035555243@N01/85441961
Talking Business http://www.flickr.com/photos/brymo/272834885/
Mask http://www.flickr.com/photos/18548550@N00/5313987
Young Gentleman http://www.flickr.com/photos/64031910@N00/422547724
Goomba VS Mario and Yoshi http://www.flickr.com/photos/77161041@N00/2266201047
Mother http://www.flickr.com/photos/54304913@N00/17647469
Private Place http://www.flickr.com/photos/76151808@N00/6100020538
Kevin David Mitnick http://www.starnostar.com/data/images/who-is-Kevin-Mitnick-is-star-or-no-star-Kevin-David-Mitnickcelebrity-vote.jpg
The Jersey Devil http://www.flickr.com/photos/79874304@N00/285367520
A little better than the last group http://www.flickr.com/photos/81881849@N00/3222035439
Operation Takedown http://filmescomlegenda.net/wp-content/uploads/2009/03/operation-takeodown-300x422.jpg
I Have You Now http://www.fotopedia.com/items/flickr-3500989490
Spying Turquoise http://www.flickr.com/photos/jdhancock/7439564750/
Office Prank http://www.sprichie.com/wp-content/uploads/2012/01/office_pranks_05.jpg

Badges (sorry if anyone felt offended):
http://farm4.static.flickr.com/3289/2295308772_cecfd160ea.jpg
http://i279.photobucket.com/albums/kk160/lukstuning/DSC04358.jpg?t=1282497031
http://2.bp.blogspot.com/_mKoEIJZM0sk/SCDHHKtX2qI/AAAAAAAAAdU/OXDvNt9iqqU/s320/Foto-0336.jpg
Backgrounds:
Blue http://wallshq.com/wp-content/uploads/original/2011_06/80_blue-abstract-background_WallsHQ.com_.jpg
Green http://srv4.imghost.ge/out.php/i212027_greenabstractbackground.jpg
Orange http://wallpapers.free-review.net/wallpapers/19/Orange_abstract_wallpaper.jpg
Videos:
Jedi Mind Trick http://www.youtube.com/watch?v=bJiqrVWLfdw
