Social Engineering

Test for weaknesses. Educate users.

Testing and educating users.

Users become unwitting participants in network security breaches when they are unaware of risks. This results in the theft of private information such as account, PIN, and credit card numbers; passwords; and even information vital to national security. SAINT Security Suite can help you test users to determine their awareness of security risks and security training needs.

Testing and educating users.

Users become unwitting participants in network security breaches when they are unaware of risks. This results in the theft of private information such as account, PIN, and credit card numbers; passwords; and even information vital to national security. SAINT Security Suite can help you test users to determine their awareness of security risks and security training needs.

TEST 1

Phishing

SAINTexploit includes a phishing tool that allows you to send a customized e-mail message prompting users to take the bait. You can choose from numerous predefined HTML templates, create custom HTML, or send a simple text message.

Then, run the preconfigured SAINTwriter phishing report to present who passed, and who failed because they executed the action you requested in the message. View Sample Phishing Report.

TEST 2

Drive With Prompt

This exploit tool allows you to create a flash/USB drive or CD that uses autoplay command execution to prompt the user to run a program. It creates a command connection when it’s inserted into a Windows computer. Create the CD, leave it on a user’s desk, and watch to see if they take the bait.

TEST 3

Drive With Prompt

This exploit tool sends an email message with an attachment. If the recipient takes the bait and clicks on the attachment, a connection is opened.

TEST 4

Reverse Shell Applet

This exploit tool delivers a signed Java applet to a user via an HTML web page. If they take the bait and accept the signed digital signature, it establishes a reverse shell back to the exploit server.

TEST 5

Click Logger

This tool can be used to find out which users are susceptible to clicking on links in emails. It returns an error page and logs users who visit it.

TEST 6

Download Connection

This tool emails an executable file link to users. If they take the bait and launch it, it establishes a command connection to their computer.

TEST 7

Find Email Addresses

Although not directed at the user, this tool checks Internet search engines for corporate email addresses that the user may have entered into websites. These email addresses may be indexed by search engines. This tool is usually used for reconnaissance in support of one of the other exploit tools.

Extensive Client Exploit Library

SAINT Security Suite includes a library of more than 400 client exploits, targeting vulnerabilities in web browsers, media players, office applications, and other client applications. If the user takes the bait and opens the exploit content in a vulnerable application, a command connection to the user’s computer is opened.

LEARN MORE ABOUT
SOCIAL ENGINEERING ➤

LEARN MORE ABOUT
SOCIAL ENGINEERING ➤

By continuing to use the site, you agree to cookie usage. More Information

The cookie settings on this website are set to allow cookies to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings, or if you click "Accept" below then you are consenting to allow cookies to be used.

Close