What results might you seek to achieve with social engineering, whether in a real attack or in penetration testing? Useful information for obtaining access or for testing can be grouped into the following categories:
Physical access (to steal, modify, destroy, or violate any or all of the three components of the CIA model—confidentiality, integrity, and availability—of protected resources)
Remote access credentials (passwords and other access credentials for phones, computer networks, and other equipment)
Information (data, source code, plans, customer data, and other proprietary, confidential, or secret data)
Violation of other security controls (such as making victims run code, transfer funds, or perform other actions on behalf of the social engineer)
For the purposes of this chapter, we divide social engineering attacks into active and passive. Active probes interact directly with the target and elicit a response, whereas passive attacks acquire information by stealth.
Active social engineering involves interaction with target personnel in order to obtain security-relevant information, gain access privileges, or persuade someone to commit a policy violation or act as a proxy on the attacker's behalf. In contrast, passive attacks include eavesdropping, observation, and subsequent analysis of the results. Passive attacks often seek to acquire seed information with which to launch further active social engineering or network-based physical ...