Question

Three pharmacists in Atlanta, Georgia have invented a new energy drink called Booster. It has become the number one soft drink in the world and you are assigned to find out how it is made. This is a closely guarded secret known to only three original pharmacists: Pat knows the process, and Audre and Stacey each know half of the formula. The entire secret is stored in the Booster Vault at Booster HQ. The Booster Vault is accessible only by the Booster Virtual Private Network and will only work when all three passphrases are entered within 30 seconds of each other from three different IP addresses. Design a campaign, including technical, social engineering, and reverse social engineering techniques to get the full formula and process.

Answer 1

Social Engineering and Revere Social Engineering

Social Engineering

Social Engineering is the act of tricking someone into divulging information or taking action via technology. The difference between the hacker and a social engineer is, a hacker gets the information through software vulnerability but in case of social engineer gets the information from an employee into divulging their login credentials.

There are many types of social engineering attacks.

1. Baiting.

This type is normally based on a bait like a fish reacting to a worm on a hook.

2. Phising.

It is a act of taking information from unwitting victims.

3. Email hacking and Contact Spamming.

Person take advantage of this by commandeering email account and get contact list by spam messages.

4. Pretexing.

The attacker seek some attention from person and try to get information.

5. Quid pro quo

It is just like a exchange but the attacker get more priority rather than the person.

6. Vishing

Vishing is same as Phishing. But it is used voice to get person’s information.

Reverse Social Engineering.

Here the attacker convinces the person that there is a problem in the persons system and he or she offers to solve that issue.

To get a persons information through reverse social engineering.

First they attack their system

Then he or she may be the authority to solve the problem or convey he or she has the ability to solve the issue.

And finally, the person believes the attacker and gives permission to access to solve the issue. So, the attacker gains the sensitive information of a person.

If a person has a lack of security awareness gets easy to be vulnerable.

And also, poor planning and implementation of security controls are easy to be threat.

So, here we can get the full formula from three pharmacist with the help of social engineering and reverse social engineering. They are using Booster Virtual Private Network by this network we can steal the information with social engineering. And also, the information is stored in Booster Vault at Booster HQ. From there the attacker gets the permission to get the login credentials and from there they get the formula.