
Copy 1 Linux Task

The report analyzes social engineering attacks, specifically Mass Mailer Attack, SSL Stripping, and ARP Spoofing, using Kali Linux. It outlines the execution of these attacks and their findings, emphasizing the vulnerabilities they exploit in communication networks. The document also provides preventive measures and solutions to mitigate these attacks, highlighting the importance of cybersecurity in protecting sensitive information.

Uploaded by

Farzan Irtaza

Software Development P

Case Study Report


[Date]

Table of Contents
1. Introduction
1.1. History about social engineering attacks
1.2. Background Information
1.3. Objectives of the report
2. Analysis and Technical Findings
2.1 Part-1: Mass Mailer Attack
2.1.1 Practical Execution
2.1.2 Findings
2.2 Part-2: SSL Stripping and ARP Spoofing
2.2.1 Practical Execution
2.2.2 Findings
3. Solution to Prevent these Attacks
3.1 Try to prevent the occurrence of mass mailer attacks
3.2 Counter Measures against SSL Stripping and ARP Spoofing
4. Conclusion
References

1. Introduction:
1.1. History about social engineering attacks.
Cybercriminals are increasingly replacing the traditional approach of finding software loopholes with
a plethora of tricks for obtaining unauthorized access to computer systems. This report describes
three particular forms of social engineering attack carried out in the Kali Linux environment: the
Mass Mailer Attack, SSL Stripping and ARP Spoofing. The approaches and results differ, but all of
these attacks share one aim: to exploit human nature or the protocols of communication networks in
order to access secured data.

1.2. Background Information


Kali Linux is a Debian-based Linux distribution, strong and stable, designed mainly for digital
forensics and penetration testing. It provides the set of tools that cybersecurity experts use to learn
about vulnerabilities and diagnose the threats an opponent might exploit, and even to launch
cyber-attacks of their own with the goal of strengthening network protection from within. For this
case study, we use the Kali Linux operating system to carry out the Mass Mailer Attack and the SSL
Stripping and ARP Spoofing attacks. The Mass Mailer attack, also referred to as pretexting, involves
creating a fake receiver identity with the intention of collecting personal data or distributing
malicious programs to many people. SSL Stripping and ARP Spoofing, on the other hand, work at the
traffic level: they downgrade secured connections to insecure ones (HTTPS to HTTP) and send traffic
to a destination of the attacker’s choice.

1.3. Objectives of the report


The intention of this report is therefore to explain how practical these attacks are and what results
they yield in Kali Linux. This includes examining the mechanics of these attacks with a view to
detecting weak spots in the software development life cycle and recommending suitable measures to
mitigate them. Any organization that wants to protect its data and, moreover, justify the existence of
its information systems must address these problems [1].

2. Analysis and Technical Findings


2.1 Part-1: Mass Mailer Attack
2.1.1 Practical Execution
The attack uses the Social Engineering Toolkit (SET) in Kali Linux to create and deliver a phishing
email. The attacker crafts it to impersonate a genuine email message that plays on attributes such as a
sense of urgency or fear, for instance a security alert or a prompt to download an important file. The
email is then sent to a large mailing list, so that it is delivered to numerous recipients at once. Its
purpose is to make recipients follow links that lead to viruses, Trojan horses or worms, or download
attachments containing viruses and malicious code, so that the attacker can take over the target’s
computer or steal from it [2].
Here are the steps involved:
1. Setting up the Environment:
First, open the Kali Linux terminal and start the Social Engineering Toolkit (SET). This is a
high-grade tool created specifically to carry out social engineering attacks. SET is started by
entering a specific command in the terminal, which opens the toolkit needed to build and run
phishing or any other social engineering campaign. Once SET is running, a large number of attack
types are available, and they can be tailored further to the target and goal.

Figure 1: Environment Setup

2. Selecting the Attack Vector:


Select the option under SET called “Email Attacks”. When SET opens, the screen presents a variety
of options from which the attack type is chosen. For this case, choose the option labelled “Email
Attacks” from the displayed list. This selection allows a phishing email to be drawn up. SET offers
several specific forms of email attack: mass phishing to a large number of e-mail addresses, or
selective targeting of a few particular addresses. This step is essential, since it sets the groundwork
for the whole phishing attack [3].

Figure 2: Email Attack Option

Figure 3: Email Attacks Within a Set

3. Crafting the Email


Draft the Phishing Email, Including Links or Attachments.

Figure 4: Draft the Phishing Email

4. Launch the attack


Send the Email to the Target.

Figure 5: Email Sent

2.1.2 Findings
The efficiency of the attack depends, however, on the number of recipients who respond after the mass
email is sent. If users click on the link or open the attachment they receive, their systems are
infected and the attacker acquires full access to the users’ data. Compared with other types of attack,
this one is rather powerful because, hiding under a mask of trust, it is usually used to get past the
initial stage of filters.

2.2 Part-2: SSL Stripping and ARP Spoofing


2.2.1 Practical Execution
SSL Stripping and ARP Spoofing are network-based attacks that seek to intercept and tamper with
data in transit on a network.
SSL Stripping:
1. Setting up SSL Strip: Downgrade HTTPS connections to HTTP in Kali Linux using the SSL strip
tool.

Figure 6: Setup SSL Strip

2. Configuring IP Tables: Redirect traffic destined for port 80 to SSL strip.

Figure 7: Configuring IP Tables

3. Launching the Attack: Initiate the attack and track the downgraded connections.

Figure 8: Initiate the attack

ARP Spoofing:
1. Setting up ARP Spoof: Intercept traffic between the target machine and the gateway with the
Arp spoof tool.

Figure 9: Setting up ARP Spoof

2. Redirecting Traffic: Redirect the intercepted traffic to a malicious server.

Figure 10: Redirect the intercepted traffic

3. Monitoring the Traffic: Record the data that is transmitted through the compromised
connection.

Figure 11: Monitoring the Traffic

2.2.2 Findings
SSL Stripping recognizes secure connections and weakens them, leaving data on the network exposed
to eavesdropping and even modification. ARP Spoofing [4] allows an attacker to intercept the
communications between two parties and so become a man-in-the-middle. The combination of the two
attacks is dangerous because the first attack facilitates the second: an attacker can easily gain
access to login details sent over a formerly encrypted channel.

3. Solution to Prevent these Attacks


3.1 Try to prevent the occurrence of mass mailer attacks:
The actions that organizations should take to reduce the effect of Mass Mailer Attacks are as follows.
Filtering tools should prevent suspicious and fake e-mails from reaching end users. In addition, an
organization should involve its employees in sessions on the risks of falling for phishing, with
practical tips on how to identify a phishing mail used as a tool to access the organization’s
network [1].
Key Solutions:
1. Websites, Spam Checkers and the authentication procedures of Emails (SPF, DKIM, DMARC)
Filters, pop-up warning windows, spam checkers and security tools such as SPF, DKIM and DMARC are
crucial for email security. They work together to ward off threatening emails, establish the identity
of the sender so that the source of a threat can be identified, and address the issue of spoofing. Once
these measures are in place, the possibility of such phishing attacks is reduced to a minimum and only
authentic emails reach the user, which keeps the organization’s communication mechanism healthy.

2. Soft Employee Phishing, Awareness and Training
Training of this kind, including phishing simulations and follow-up for employees, should therefore
be carried out to ensure their awareness of cyber threats. When staff are shown how to deal with
phishing attempts, the chances of a successful hit are drastically reduced. I discovered that, through
exposure to phishing simulation, the beneficial skills that one needs are trimmed and tested and, as a
result, these threats are not carried out.
3. Multi Factor Authentication as a Mitigation Strategy for Account Compromise
Multi-Factor Authentication rests on the idea that a second form of identification is required before
access to a resource is allowed. As a result, even if one factor, for example a password, is
compromised, the attackers will not easily gain access. MFA is the most effective resource for
providing safety in case of account breaches and protecting sensitive information.

3.2 Counter Measures against SSL Stripping and ARP Spoofing


To prevent SSL stripping, all HTTP connections must be coerced to use HTTPS, which is accomplished
via HTTP Strict Transport Security (HSTS). This ensures that browsers do not accept a downgraded
connection. The preventive measures for ARP Spoofing are enabling dynamic ARP inspection and using
VPNs that encrypt the traffic in transit.
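
As an added example (not part of the original report), the check below audits the `Strict-Transport-Security` header a site returns and reports settings that leave room for a downgrade. The one-year threshold and the sample responses are choices made for this example.

```python
ONE_YEAR = 31_536_000  # seconds; threshold chosen for this example

def parse_hsts(header):
    """Return {directive: value} with lower-cased directive names."""
    directives = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = value.strip().strip('"')
    return directives

def audit_hsts(scheme, header):
    """Return findings for one response; an empty list means no issue found."""
    if header is None:
        return ["no HSTS header: every visit can start over plain HTTP"]
    if scheme != "https":
        return ["HSTS sent over plain HTTP is ignored by browsers (RFC 6797)"]
    directives = parse_hsts(header)
    findings = []
    max_age = directives.get("max-age", "")
    if not max_age.isdigit():
        findings.append("max-age missing or not a number: policy is not applied")
    elif int(max_age) == 0:
        findings.append("max-age=0 makes the browser delete the stored policy")
    elif int(max_age) < ONE_YEAR:
        findings.append(f"max-age={max_age} is under one year; policy expires quickly")
    if "includesubdomains" not in directives:
        findings.append("includeSubDomains absent: subdomains can still be downgraded")
    return findings

# Constructed responses: (scheme the response arrived over, header value or None)
SAMPLES = [
    ("https", None),
    ("http", "max-age=31536000"),
    ("https", "max-age=300"),
    ("https", "max-age=63072000; includeSubDomains; preload"),
]

if __name__ == "__main__":
    for scheme, header in SAMPLES:
        print(scheme, repr(header), "->", audit_hsts(scheme, header) or "ok")
```

A browser learns the policy from its first HTTPS response, so a client that has never visited the site is only covered if the domain is on the browser's preload list.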
Key Solutions:
1. HSTS Settings and SSL Certificates Authorization and Renewal check.
One measure is HTTP Strict Transport Security (HSTS), which guarantees that the browser accesses the
website using the secured version of the protocol, thus preventing SSL stripping. In addition, valid,
authorized and correctly configured SSL certificates on the network guarantee strongly encrypted
connections, thus eliminating the possibility of man-in-the-middle attacks.
2. Use of encryption over all OSI layers
Security measures should be applied at all levels of the OSI model. This includes encrypting data in
transit through means such as VPNs, so that the data cannot be accessed by parties other than the
intended recipient. VPNs take things a step further in that the data is also encrypted, so data
retrieved from an unsecured network is still secure.
3. New features:
• Counters for protected and blocked VLANs, Network Geometry Protection, Network Segment
Protection and Dynamic ARP Inspection
To consolidate security, networks should be broken into small subnetworks that can be managed easily
when changes are made. This minimizes the chances of potential attacks. In addition, the use of
dynamic ARP inspection helps prevent ARP spoofing, since it analyzes ARP packets and not all devices
on the network talk to each other. Such an approach greatly reduces the risk of unauthorized access
and data interception.
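
The validation that dynamic ARP inspection applies can be modelled in a few lines. This added example (not part of the original report, and not any vendor's implementation) checks each ARP packet's sender IP and MAC against a trusted binding table and flags ports that keep violating it; the addresses, port names and violation limit are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpPacket:
    port: str        # switch port the packet arrived on
    sender_ip: str   # sender protocol address field
    sender_mac: str  # sender hardware address field

# Constructed IP-to-MAC bindings, e.g. learned from DHCP snooping or set statically.
BINDINGS = {
    "192.0.2.1": "02:00:00:00:00:01",   # gateway
    "192.0.2.10": "02:00:00:00:00:10",
    "192.0.2.20": "02:00:00:00:00:20",
}
TRUSTED_PORTS = {"uplink"}  # hypothetical port name; trusted ports skip inspection
VIOLATION_LIMIT = 2         # violations on one port before it is flagged

def inspect(pkt, bindings=BINDINGS, trusted=TRUSTED_PORTS):
    """Return (forward?, reason) for one ARP packet."""
    if pkt.port in trusted:
        return True, "trusted port"
    expected = bindings.get(pkt.sender_ip)
    if expected is None:
        return False, f"no binding for {pkt.sender_ip}"
    if expected.lower() != pkt.sender_mac.lower():
        return False, f"{pkt.sender_ip} is bound to {expected}, not {pkt.sender_mac}"
    return True, "matches binding"

def run_inspection(packets):
    """Inspect a packet stream; return forwarded packets and the ports to flag."""
    forwarded, violations = [], Counter()
    for pkt in packets:
        if inspect(pkt)[0]:
            forwarded.append(pkt)
        else:
            violations[pkt.port] += 1
    flagged = sorted(p for p, n in violations.items() if n >= VIOLATION_LIMIT)
    return forwarded, flagged

# Constructed traffic: the host on port7 claims the gateway's IP with its own MAC.
SAMPLE = [
    ArpPacket("port3", "192.0.2.10", "02:00:00:00:00:10"),
    ArpPacket("port7", "192.0.2.1", "02:00:00:00:00:20"),
    ArpPacket("port7", "192.0.2.1", "02:00:00:00:00:20"),
    ArpPacket("uplink", "192.0.2.1", "02:00:00:00:00:01"),
]
if __name__ == "__main__":
    print(run_inspection(SAMPLE))
```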

4. Conclusion
This technical report has examined the practical execution of the Mass Mailer Attack, SSL Stripping
and ARP Spoofing in Kali Linux. These attacks serve as a reminder of some of the worst mistakes one
can think of, which can be exploited to gain illegitimate access to confidential information. Being
mindful of these types of attack and following the advice in this write-up will greatly reduce the
likelihood of such break-ins occurring in organizations.
The need for cyber security cannot be put more strongly, particularly in light of advancing
technology, which has been responsible for the increase in social engineering. It is not simply about
the protection of information; it is about defending trust, privacy and the value of information
technologies in an ever-changing world.

References

[1] L. H. T. a. A. S. Allen, Kali Linux–Assuring security by penetration testing, Packt Publishing Ltd., 2014.

[2] H. S. B. J. V. L. H. a. P. K. M. Gururaj, "Analysis of cyber security attacks using kali Linux," in 2022 IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics (ICDCECE), pp. 1-6, IEEE, April 2022.

[3] A. a. L. R. Thakkar, "Attack classification using feature selection techniques: a comparative study," Journal of Ambient Intelligence and Humanized Computing, 12(1), pp. 1249-1266, 2021.

[4] S. Whalen, An introduction to arp spoofing, Node99 [Online Document], 563, 2001.

[5] J. Z. S. a. C. J. Isaac, "Security attacks and solutions for vehicular ad hoc networks," IET Communications, 4(7), pp. 894-903, 2010.
