Scribd Logo
Upload

Welcome to Scribd!

  • How To Hack A Human Tessian Research Hide01 Cyou @RedBlueTM @RedBlueHit

    Uploaded by

    shahriar tala
    31 views22 pages
    how to hack human

    Original Title

    How_to_Hack_a_Human_Tessian_Research_hide01_cyou_@RedBlueTM_@RedBlueHit

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    how to hack human

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    31 views22 pages

    How To Hack A Human Tessian Research Hide01 Cyou @RedBlueTM @RedBlueHit

    Uploaded by

    shahriar tala
    how to hack human

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 22

    TESSIAN.

    COM/RESEARCH
    TESSIAN.COM/RESEARCH
    Introduction

    hackers use this


    information to craft targeted - and effective - social
    engineering attacks at scale.

    TESSIAN.COM/RESEARCH→
    TESSIAN.COM/RESEARCH 3
    14

    TESSIAN.COM/RESEARCH→
    TESSIAN.COM/RESEARCH 4
    TESSIAN.COM/RESEARCH→
    TESSIAN.COM/RESEARCH 5
    The social network

    TESSIAN.COM/RESEARCH 6
    gold dust

    61 7 7010 1111


    Passport No. / Passeport No. Add number
    533380006

    TESSIAN.COM/RESEARCH 7
    Did you know?
    JPEG files contain 'EXIF' data that can include
    accurate GPS locations of where the photo was taken.
    Many apps strip this data out before the photo goes
    online, but not all.

    TESSIAN.COM/RESEARCH 8
    Hackers hack humans to hack the
    companies they work for

    And, by running scripts, they can do this


    automatically and at scale.

    Remember
    Hackers hack humans to hack the
    companies they work for. And a lot of the
    heaving lifting can be done on social media.
    people

    ALON GAL

    TESSIAN.COM/RESEARCH 9
    󾓦

    Almost half (43%) of us post every day, giving hackers


    up-to-date intelligence about where we’re working, who
    we’re working with, and what we’re working on. You can find virtually
    anything

    HARRY DENLEY

    TESSIAN.COM/RESEARCH 10
    *
    OOO? TMI !

    KATIE PAXTON-FEAR

    TESSIAN.COM/RESEARCH 11
    In this example of a social
    engineering attack, hackers use
    an OOO message and other
    publicly available information to
    initiate a wire transfer.

    TESSIAN.COM/RESEARCH 12
    This time, hackers leverage
    a trusted third-party to gain
    access to their target.

    Warning:
    New starters are prime targets of social
    engineering attacks. They’re typically
    given their full access credentials when
    they start, but don't yet know who’s
    who. They may also not have had their
    security training yet. Finally, given that ■
    they’re new, they’ll be especially keen to ■
    make a good impression. ■

    TESSIAN.COM/RESEARCH 13
    Not-so-strong passwords

    But your personal


    information can be just as valuable.

    password = "Annie02102011"

    password = "picklesthedog"

    password = "Cubsfan111!"

    People may even unwittingly share this information via


    ALYSSA MILLER
    gimmicks or memes that make their rounds on social media.

    TESSIAN.COM/RESEARCH 14

    Hashcat

    TESSIAN.COM/RESEARCH→
    TESSIAN.COM/RESEARCH 15
    A hacker’s toolkit
    Hunter.io Adobe Photoshop Sherlock

    Most - if not all - of these tools were designed for the


    “good guys”. Penetration testers, compliance teams,
    and even law enforcement. In fact, some are even Google Street View Snusbase Creepy
    marketing and sales tools! Hashcat

    These sorts of tools are bundled together and available


    for free via Kali Linux.

    An employee working Maltego


    9-5 just doesn’t have the same commitment theHarvester HTTrack
    to protecting a company as a hacker has to
    hacking a company

    ALON GAL

    TESSIAN.COM/RESEARCH 16
    We’re not all
    security experts

    According to our survey, only 15% of employees don’t


    reuse passwords.

    Hackers gained unauthorized access to


    SolarWinds by guessing passwords.⁴

    TESSIAN.COM/RESEARCH 17
    “Hackers are very strategic in the timing
    of their social engineering attacks.

    You can read more about the


    CRAIG HAYS Psychology of Human Error in
    this report →

    TESSIAN.COM/RESEARCH 18
    Does this look
    suspicious to you?
    55%
    58%
    63%
    66%

    40%
    44%
    35%
    Our data tells a different story. 47%

    41%
    42%
    50%
    37%

    31%
    38%
    26%
    30%

    44%
    45%
    50%
    58%

    4%
    3%
    5%
    7%

    12%
    8%
    What are organizations 4%
    8%
    doing to prevent the problem?

    TESSIAN.COM/RESEARCH 19

    or personal accounts.

    Email customers/clients
    directly before you log off with relevant contact details for
    you or a colleague.

    It only takes one late night for


    someone to make a mistake

    Spread the word!


    DAWN ISABEL Download this list of do’s and don’ts to share with employees.

    DOWNLOAD NOW →

    TESSIAN.COM/RESEARCH 20
    Throughout 2020, Tessian Defender prevented nearly
    420,000 social engineering attacks and over 125,000
    attempts of wire fraud. And, we’ve seen a 15% increase Tessian is different.
    in the number of attacks from the first half of the year to
    second. These are emails that slipped right past legacy Tessian Defender
    solutions and native controls.

    We hire them
    to do other jobs.

    You have to
    put tools in place to protect them.”

    CRAIG HAYS

    TESSIAN.COM/RESEARCH 21
    TESSIAN.COM

    LEARN MORE LEARN MORE

    TESSIAN.COM/RESEARCH
    TESSIAN.COM/RESEARCH →

    You might also like