In this video, you will learn to describe social engineering and how it is used as an effective method of cyber exploitation. So now, let's talk about social engineering. Social engineering is actually pretty easy to understand. Ask yourself, how could you trick somebody into doing something that they don't want to do? Thinking the good way, I mean, how could you trick somebody into giving you her or his password? I mean, if you go and ask your friends to give you a password for a social network, probably they wouldn't do that, because they understand that the password is something important for them to keep private, or separate from the public information that they could give to somebody. So the question, or the process to perform a social engineering attack, is: how could you trick somebody into giving you something that is private?
This is something that we normally use in offensive security operations, because when we try to exploit things from the technical perspective, on some occasions we deal with advanced firewalls, with advanced systems that will block all the effects that we're delivering to the client or the victim network. So one of the easy ways to get information, or to try to exploit things inside the network of the client or the victim, is to try to gain information from the users, to gain information from somebody inside the network who already has, for example, a password and a username to log in to a VPN system. So if you already have the URL, the external URL to log in to an SSL VPN system, but you need the password and you need the username to be able to log in to that remote system, the easy way to get that is probably the social engineering attack.
Now, how could you perform a social engineering attack? That's actually pretty easy also. Again, this is something that you need to have permission to do. There are a lot of tools out there that you could use. A tool that is actually pretty easy is called setoolkit.
Setoolkit is something that comes in Linux, and that you could also install on your system without any Linux installation or without any specific Linux distribution. But either way, it's something that has a set of tools; as it says in the title, it is a toolkit, where you can create, for example, fake websites. You can create or clone websites from public Internet domains or private Internet domains. For example, you can go and clone an external website from your client, from your victim, and wait a couple of weeks. You could try to impersonate somebody, and that somebody could send an email, using a phishing attack, to a username inside the network, inside your victim network or your client network, and see if the user clicks on the link that you sent and writes all the credentials on that user and password log-in fake HTML, for example.
So that's not all. I mean, the social engineering toolkit has a lot of tools. Actually, you could also spoof voice calls. So that's something interesting for you to test. Again, you need to have permission in order to try to exploit something from a client. I mean, you cannot by any means clone a private website and try phishing a set of usernames, and try to get them to click a link and give you the credentials. For any kind of system, you need to have permission to do that. But the important part to understand here is that there are a lot of good tools, and there are a lot of things that you can start doing to understand how you could trick somebody into doing something that they shouldn't do.