Social Engineering with SAINT
Computer users must be aware of security risks; otherwise, they can unwittingly become participants in the breach of network security and the theft of private information such as account, PIN and credit card numbers; passwords; and even information vital to national security. SAINT can help you test users to determine their awareness of security risks and their security training needs.
Who will take the Bait ... hook, line, and sinker?
Go Phishing with SAINT –
SAINTexploit's Phishing Tool allows you to send a customized e-mail message prompting users to take the bait. You can choose from numerous predefined HTML templates, create your own custom HTML, or send a simple text message.
Then, run the preconfigured SAINTwriter phishing report to show who passed and who failed by executing the action you requested in the message.
More Bait ...
Flash Drive or CD AutoPlay Command Execution –
This exploit tool allows you to create a Flash (USB) drive or CD which, when inserted into a Windows computer, prompts the user to run a program that creates a command connection. Create the CD, leave it on users' desks, and watch to see if they take the bait!
E-mail Attachment Execution –
This exploit tool sends an e-mail message with an attachment. If the recipient takes the bait and clicks on the attachment, a connection is opened.
Reverse Shell Applet –
This exploit tool delivers a signed Java applet to a user via an HTML web page. If the user takes the bait and accepts the applet's digital signature, it establishes a reverse shell back to the exploit server.
Click Logger –
This tool can be used to find out which users are susceptible to clicking on links in an e-mail. It returns an error page and logs the users who visit it.
Download Connection –
This tool e-mails the user a link to an executable file. If the user takes the bait and launches it, it establishes a command connection to their computer.
Find e-mail Addresses –
Although not directed at the user, this tool checks Internet search engines for corporate e-mail addresses that users may have entered into websites indexed by those search engines. It is usually used for reconnaissance in support of one of the other exploit tools.
Extensive Library of Client Exploits –
SAINT includes a library of over 300 client exploits, targeting vulnerabilities in web browsers, media players, office applications, and other client applications. If the user takes the bait and opens the exploit content in a vulnerable application, a command connection to the user’s computer is opened.