You're reading from Kali Linux CTF Blueprints

Product type: Book
Published in: Jul 2014
Publisher: Packt
ISBN-13: 9781783985982
Edition: 1st Edition

Author: Cameron Buchanan

Cameron Buchanan is a penetration tester by trade and a writer in his spare time. He has performed penetration tests around the world for a variety of clients across many industries. Previously, Cameron was a member of the RAF. In his spare time, he enjoys doing stupid things, such as trying to make things fly, getting electrocuted, and dunking himself in freezing cold water. He is married and lives in London.

Chapter 4. Social Engineering

As patching becomes more routine and secure coding practices are adopted more, the chances of getting 1337H4XX are reducing significantly. However, as we all know, there's no patch for stupidity or admin oversight. Social engineering will always be a relevant skill; it's telling that most companies don't test for it because they know that there's nothing that can be done. For the time being anyway, the singularity is always around the next corner and I, for one, welcome our new robot overlords.

The ability to convince other people to do something on your behalf is not to be sniffed at. It's also pretty difficult to practice. I'd love to give you a method of conning people into doing things in a controlled environment, but it's pretty difficult to do. Once a person is aware of the potential for them to be socially engineered, they act differently and it defeats the point of the test. You may argue that security personnel, who are usually the people we want to...

Scenario 1 – maxss your haxss


This scenario will allow you to create a very basic application that will accept input from a user and return it in the HTML code of another page. This should indicate to you that it's likely to be a cross-site scripting (XSS) attack. I'm going to give you some very boring-looking code, and you can dress it up later if you wish.

A section on attacks against users and social engineering wouldn't be complete without even a brief mention of XSS—that most basic and pervasive of attacks. The merest mention of vulnerability to this attack used to make information security officers sweat; now they barely nod. It is accepted that one of the first things that a hacker or computer deviant learns is how to perform XSS. For those that don't know, XSS is the act of forcing JavaScript into the HTML of a web page and using it to perform actions. It can be used to deface websites and generally cause mischief and upset; however, its most widespread use is to steal unprotected...

Scenario 2 – social engineering: do no evil


The difficulty with social engineering training is that one of the core reasons social engineering works is that no one believes it will happen to them. Very few people believe that anyone is capable of talking them out of their millions (or thousands, or whatever) but it does get done. They picture 419 scammers and the like, while in reality social engineers look just like normal people with normal jobs and normal lives; they just occasionally talk their way into a little bit extra. This lack of belief from the majority of people makes social engineering training actually easier to do in a live environment than in a test environment, as a role player will know they are to be socially engineered and will hold onto whatever secret information they have with tooth and claw. There are, however, some methods of simulating a live environment.

It's important to note that it is incredibly unethical to social engineer private information out of people for further...

Scenario 3 – hunting rabbits


A rabbit trail is a simulated chain of unintentional leaks and links inevitably leading to something secret. It's designed to test the ability of open source intelligence (OSINT) operatives to find out information about their targets and their target's intended activities. It can also be used to simulate the reconnaissance phase of a penetration test. During specific types of tests, it may be necessary to find out about individuals involved in the target company, and when assigned this task, few know what to do short of googling the individual's name. There's a great deal of skill that goes into effectively finding people on the Internet and uncovering their secrets (OkCupid is mild for the kind of people the world holds).

We're going to create a chain of social media accounts and open pages to lead the testers from one location to a completely different one that contains our key. We'll also set some ground rules for this kind of test. It's important that when...

Scenario 4 – I am a Stegosaurus


Steganography is the practice of hiding information. It can be performed through a variety of means. The historic method that gets quoted a lot comes from the Roman Empire. Commanders would tattoo the heads of soldiers sent to escort diplomats with secret messages to be relayed at the other end. As the journeys were long and would take several months, the hair would grow back, hiding the message. I can only assume that until their hair reached a respectable length, they just wore hats or something.

This scenario isn't really a scenario. It's more of a set of ways to hide information in pictures and audio that can be used in other scenarios, notably in the rabbit trail. We are going to cover the use of some tools and a few other tips.

Visual steganography

There are a few easy ways to hide content in images, the simplest and most obvious of which is to edit the Exif data. The Exif data is extra information that sits within a file detailing various things, for example...

Exploitation guides


The following are exploit guides for the scenarios created in this chapter. These are guidelines and there are more ways to exploit the vulnerabilities.

Scenario 1 – cookie theft for fun and profit

The brief provided for this exploitation guide is assumed to be: steal the admin user's cookie from <IP>/input.php. Perform the following steps for this scenario:

  1. The first thing to do is to browse the website. We can see that we have an input box.

  2. The brief says, "steal a cookie", so we can assume this is a cross-site scripting attack. We can add test messages to see whether the input is returned to us. As it doesn't return the input, we must assume that it's being passed to the admin somewhere as the brief suggests that an admin can see it. This means that trying the standard <script>alert(1);</script> code won't work.

  3. However, we can make a call back to our own server with cross-site scripting. This is achieved by first enabling Apache on our server with...
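A minimal model of the Scenario 1 challenge described above and of the behaviour that step 2 of this guide relies on (the input is stored and shown only to the admin, never reflected to the submitter), as an added example that is not the book's input.php: the vulnerable rendering beside its hardened form, plus the cookie flag that makes the stolen cookie useless to page scripts. Function names, the in-memory store and the cookie name are assumptions made for this example.

```python
"""Stored (blind) XSS challenge model: a visitor page that stores input and
an admin page that renders it. Added example, not the book's own code."""
import html
import re


def submit_message(store, text):
    """What the visitor-facing input page does: store the text and show
    nothing back, so alert(1) probes never fire for the submitter."""
    store.append(text)
    return "Thanks, your message has been sent to the admin."


def render_admin_page(store, vulnerable):
    """Admin view of the stored messages.
    vulnerable=True reproduces the challenge: raw interpolation, so stored
    markup becomes live HTML in the admin's browser.
    vulnerable=False is the hardened form: entity-encode on output."""
    rows = []
    for message in store:
        body = message if vulnerable else html.escape(message, quote=True)
        rows.append(f"<li>{body}</li>")
    return "<html><body><ul>" + "".join(rows) + "</ul></body></html>"


SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_live_script(page):
    """Defender-side check on rendered output: a real <script> element is
    present (the encoded text '&lt;script' does not match)."""
    return SCRIPT_TAG.search(page) is not None


def session_cookie_header(value, hardened):
    """Set-Cookie header for the admin session ('admin_session' is an
    assumed name). The hardened version adds HttpOnly, so document.cookie
    cannot read it from page script, plus Secure and SameSite; the challenge
    deliberately leaves these off so the cookie is exposed to injected JS."""
    header = f"admin_session={value}; Path=/"
    if hardened:
        header += "; HttpOnly; Secure; SameSite=Strict"
    return header


if __name__ == "__main__":
    store = []  # constructed in-memory store standing in for the backend
    submit_message(store, "hello admin")
    submit_message(store, "<script>alert(1);</script>")
    print("vulnerable page has live script:",
          contains_live_script(render_admin_page(store, vulnerable=True)))
    print("hardened page has live script:",
          contains_live_script(render_admin_page(store, vulnerable=False)))
```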

Summary


In this chapter, we created cross-site scriptable code, designed tenuous links across the Internet, challenged some people best left inside to go outdoors, and generally covered skills that right-minded people wouldn't teach hackers. We established ground rules for these types of tests and hopefully hammered home that ethics before hacks is the right way to go. Your testers, having completed these tests, should feel comfortable performing attacks against users and prepared to at least start forays into the world of social engineering. Past a certain point though, it can only be done live.

The next chapter covers cryptography. I'm not a cryptographer by trade, so don't expect to see too many algorithms explained or bit-wise calculations. As with most things in this book, it'll be raw, unfiltered hackery with some bad commentary thrown in for good measure. We'll cover some ways to encode your data to mask it at least slightly, some outdated crypto-methods, and maybe one or two broken...
