2nd/10_Wiki/Topics/Architecture/Social_Engineering.md
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
Large-scale cleanup of 10_Wiki/Topics:
- Removed 227 error-capture / incomplete stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link name normalization: fixed broken links, pointed redirects directly at targets, concept mapping, ~2,400 items
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00


id: wiki-2026-0508-social-engineering
title: Social Engineering
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: Social Engineering Attacks, Human-Layer Attack, Phishing Family
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: security, threat-model, phishing, awareness
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: english
  framework: security

Social Engineering

One-liner

"Attacks exploit the human, the weakest link. Manipulating the human layer is cheaper than hardening the tech stack." The phishing, vishing, pretexting and baiting family — in 2026, LLM-generated voice clones and deepfake video industrialized this attack vector. SOC2 / ISO27001 mandate awareness training.

Core

Attack vectors

  • Phishing (email) — bulk credential harvest.
  • Spear-phishing — targeted, OSINT-backed.
  • Vishing (voice) — now the era of LLM voice clones.
  • Smishing (SMS) — package delivery, bank scam.
  • Pretexting — impersonation (CEO fraud, IT helpdesk).
  • Baiting — USB drop, malicious download.
  • Tailgating — physical access.

Psychological levers (Cialdini)

  • Authority (CEO impersonation).
  • Urgency ("account locked, act now").
  • Scarcity ("last chance").
  • Reciprocity ("free gift").
  • Social proof ("colleagues already responded").
  • Liking (rapport building).

Applications (defense)

  1. MFA (phishing-resistant — FIDO2/passkey).
  2. SPF/DKIM/DMARC for email auth.
  3. Awareness training + simulated phishing.
  4. Approval workflow for wire transfers (out-of-band verify).
  5. Zero-trust + least-privilege blast radius limit.

💻 Patterns

DMARC enforce policy

_dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"
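To show what "enforce" means in practice, here is an added example (not part of the original note) that parses a DMARC TXT record like the one above and reports every setting that falls short of enforcement: a monitoring-only `p=none`, a weaker `sp=` for subdomains, a partial `pct=`, or a missing `rua=` reporting address. The two sample records are constructed for the example.

```python
from typing import Dict, List

# Constructed sample records for this example (not taken from a live zone).
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCING_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC TXT record into lower-cased tag -> value pairs."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_findings(record: str) -> List[str]:
    """Return the ways a record falls short of 'enforce'; empty means it enforces."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (missing v=DMARC1)"]
    findings: List[str] = []
    policy = tags.get("p", "")
    if policy != "reject":
        # p=none only monitors; p=quarantine still lets spoofed mail reach spam folders
        findings.append(f"p={policy or 'missing'}: spoofed mail is not rejected")
    sub = tags.get("sp")
    if sub and sub != "reject":
        findings.append(f"sp={sub}: subdomains get a weaker policy than the org domain")
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 0
    if pct < 100:
        findings.append(f"pct={pct_raw}: only {pct}% of failing mail receives the policy")
    if "rua" not in tags:
        findings.append("rua missing: no aggregate reports, so no visibility into abuse")
    return findings


if __name__ == "__main__":
    for rec in (WEAK_RECORD, ENFORCING_RECORD):
        print(rec, "->", dmarc_findings(rec) or "enforcing")
```

Run it against the records you pull from DNS (for example the TXT answer for `_dmarc.<domain>`); an empty list is the only acceptable result for a domain that sends mail.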

Phishing simulation framework (gophish API)

import os
import requests

# Gophish accepts the API key in the Authorization header; read it from the
# environment rather than hard-coding it.
api = "https://gophish.local/api"
headers = {"Authorization": f"Bearer {os.environ['GOPHISH_API_KEY']}"}
campaign = {
    "name": "Q2 Awareness",
    "template": {"name": "Fake-IT-Reset"},
    "page": {"name": "Training-Landing"},  # landing page object required by the API (placeholder name)
    "smtp": {"name": "Internal-Relay"},    # sending profile required by the API (placeholder name)
    "url": "https://landing.local",
    "groups": [{"name": "All-Employees"}],
}
resp = requests.post(f"{api}/campaigns/", json=campaign, headers=headers, timeout=30)
resp.raise_for_status()  # surfaces a 4xx if template/page/smtp names do not exist
print("campaign id:", resp.json()["id"])

FIDO2 webauthn (phishing-resistant)

// `serverChallenge`, `id`, `email` and `name` come from the server-side registration
// ceremony; challenge and user.id must be BufferSource (e.g. Uint8Array), not strings.
const credential = await navigator.credentials.create({
  publicKey: {
    challenge: serverChallenge,                         // single-use, server-generated
    rp: { id: 'example.com', name: 'example.com' },     // rp.id binds the key to this origin
    user: { id, name: email, displayName: name },       // id: opaque user handle bytes
    pubKeyCredParams: [{ alg: -7, type: 'public-key' }], // ES256
    authenticatorSelection: { userVerification: 'required', authenticatorAttachment: 'platform' },
  },
});
// The browser refuses to use this credential on a lookalike domain, which is what
// makes it phishing-resistant; send credential.response to the server for verification.

Wire-transfer out-of-band verify (Slack bot)

const crypto = require('crypto');
// `sms`, `db` and `db.lookupPhone` are assumed helpers not shown on this page; the
// phone number must come from the staff directory, never from the request payload.
const generateOTP = () => String(crypto.randomInt(0, 1000000)).padStart(6, '0');

bot.command('/verify-wire', async ({ command, ack }) => {
  await ack();
  const challenge = generateOTP();
  const phone = await db.lookupPhone(command.user_id); // Slack payload has no phone field
  await sms.send(phone, `Wire verify code: ${challenge}`);
  await db.storeChallenge(command.user_id, challenge, 300); // expires after 300 s
});

Email header anomaly detection

from email.utils import parseaddr


def is_suspicious(msg):
    """Flag an email.message.Message on auth failure or a redirected Reply-To."""
    auth = msg.get('Authentication-Results', '')
    if 'spf=fail' in auth or 'dkim=fail' in auth or 'dmarc=fail' in auth:
        return True
    from_addr = parseaddr(msg.get('From', ''))[1].lower()
    reply_to = parseaddr(msg.get('Reply-To', ''))[1].lower()
    # A missing Reply-To is normal; only one pointing elsewhere is a redirect
    if reply_to and reply_to != from_addr:
        return True  # replies go somewhere other than the displayed sender
    return False

Deepfake voice detection (2026 ML)

from transformers import pipeline

# Model name as recorded on this page; `audio_path` is a local WAV/FLAC file
detector = pipeline('audio-classification', model='WavLM-deepfake-2026')
audio_path = 'suspicious_call.wav'  # constructed sample path
result = detector(audio_path)
# returns: [{'label': 'synthetic', 'score': 0.94}, ...]

Decision criteria

| Situation | Approach |
|---|---|
| Email account compromise risk | DMARC reject + FIDO2 MFA |
| Wire transfer fraud (BEC) | Out-of-band callback verify |
| Voice impersonation | Codeword + callback to known number |
| USB drop | Endpoint policy blocking autorun |
| Insider awareness | Quarterly simulated phishing |

Default: FIDO2 passkey + DMARC reject + quarterly training + out-of-band approval for transfers of $X or more.

🔗 Graph

🤖 LLM usage

When: threat-modeling the human layer, security training content, BEC playbooks. When not: generating actual phishing templates — abuse risk.

Anti-patterns

  • SMS-only MFA: vulnerable to SIM swap — prefer FIDO2.
  • Annual training only: retention is low — quarterly training + simulation.
  • Trusting caller ID: trivially spoofed — call back a known number.

🧪 Verification / duplicates

  • Verified (NIST SP 800-50, Mitnick "Art of Deception", Verizon DBIR 2025).
  • Confidence A.

🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — SE attack vectors, Cialdini levers, FIDO2/DMARC defenses |