{"uuid": "6b0f248c-ef93-4c21-b455-013c26c08b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30190", "type": "seen", "source": "https://t.me/technical_private_cat/191", "content": "Part 1 - social engineering\n\nFirst I want to talk about social engineering. \nWhat is social engineering? \nIt is methods of influencing a person to do what you want him to do. \n\nBut what methods hackers use and what tools and resources do they use? \n\nThe first and most famous type I want to talk about is phishing. \nFor me phishing is divided into two types - mass and targeted (those who knows can correct). \n\"Bulk phishing\" is a kind of mass general delivery of let's say emails with malicious files, links, threat notifications etc. with some kind of general concept.  \n\nAnd directed is phishing, which is aimed at a particular person - for example, deputy director of the company. To do so, phishers first use methods a la OSINT to collect information about a target and then they compose phishing attacks.  \nTo hide an exe in any other format they use different file joyners or work with asm exe files themselves. Then they make up a more or less convincing story or just send it to the victim(s). Another example about sending documents is the infamous CVE-2022-30190, which contains exploits, see.\nWhat does it do?  \nThis vulnerability can be exploited via a malicious MS Office document.\nWhen something goes wrong with Windows it can invoke from other applications via a special MSDT URL protocol. \nIf the vulnerability is exploited successfully, the attacker can run arbitrary code with the privileges of the application that invoked MSDT, i.e. in our case with the privileges of the user who opened the malicious file.\nSimilar vulnerability and exploit \n\nPhishing can also be done via fake websites. \nThis is also very easy to do. \nThere are phishing attempts when a hacker is already in the local network and needs to get passwords to log on to the server and download the malware. For this, most often a local attack using local dos attacks for example with pyersinia to the victim device is restarted, and the attacker could intercept the data entered. \nHere is a wireshark article about data hijacking \n\nNow let's talk about the social engineering, where the intruder must be \"present\".\nThe first thing that comes to mind is the compromise of the employees.  As they say \"the most vulnerable part of the server is the cleaner\" - Because she does not know anything about computers, the intruder can pay her and ask to insert a flash drive\ud83e\udda0 Or remember how lapsus did (asking directly the companies employees to cooperate with them) . \nEven if no one from the failed to compromise or hack, the attacker has to act himself. For such a hacker can pretend to be an employee of the company, or I've seen somewhere that they dig in the office trash (nothing funny someone throws out passwords there), even for example, to get into the company building, they can just confidently go after someone else.\nIn general, if more stringent on the security of places, there they are more likely to compromise employees or conduct other manipulations with them ...\nA little touch on how to deal with it.\nFirst of all be more vigilant, do not open any e-mails from unknown addresses, do not click on links, more often check the network in the company for suspicious actions, and in general be more vigilant to everything.  Concerning the second type: how to avoid compromise, well this is a very difficult question - probably check the employees more often. In general the topic of social engineering is quite vast and affects many areas of life, BUT I think you understood in brief. If anything, I'll attach a few articles about social engineering methods below. \nAnd then you can move on to the next part.\n #virus #social_engineering", "creation_timestamp": "2022-09-24T08:33:34.000000Z"}