Social sniffer predicts which Nigerian prince has the best chance of scamming you
Data matching tool will be open source, intended for good not evil
Kiwi penetration tester Laura Bell has released a social engineering analysis tool that examines risky behaviour by punters.
The platform, dubbed "AVA" and billed as an "automated three-phase human vulnerability scanner", will soon be released as open source and made usable by both hackers using Kali Linux and less tech-savvy punters.
In a talk voted best in show at last week's KiwiCon in Wellington, Bell said AVA is "kind of like government stalking, but used to help humanity".
"In terms of one person being exploited, the more connected your network is the greater the risk," Bell said.
"You can look at who is friends with a person, when they log in and out, the sender and receiver patterns.
"We create threats in the form of tweets, Facebook messages, QR codes; any type of delivery mechanism you can think of can be potentially plugged into AVA and tested."
Bell's tool could highlight changes of behaviour over time, and track and visualise social engineering attacks, including the path each took as it flowed through a network.
Possible conclusions could reveal that tired night staff are more susceptible to social engineering attacks, or that various training regimes were effective.
Tracking behaviour could also allow predictive threat analysis, meaning defensive measures could be planned based on a group's risk profiles.
Staff with excessive permissions would also be identified.
The tool could also examine the estimated one thousand permutations of email threats, such as privacy invasions and exploitation of trust, that were distinct from phishing attacks.
It sourced Cornell University's massive five-year database of phishing emails, allowing admins to customise social engineering penetration tests against staff.
Bell controversially suggested that AVA should be used to target employees' personal interactions, such as their Tweets and Facebook messages, as the information was already public and would be used by attackers.
"Most organisations draw a very distinct line between the systems that are provided by the organisation and the systems that are for personal use. I think this is broken," Bell said.
"Most people Tweet from their desks, log into Facebook during lunch, and are continually connected to both worlds so the division between the systems is flawed."
The tool would be released in the coming months and is on offer immediately to those willing to contribute to the code base by contacting Bell. ®