2nd/10_Wiki/Topics/Architecture/Social_Engineering.md
koriweb d8a80f6272 chore(wiki): canonical normalization of dangling links (768 files / 1,200 links)
Replaced [[wikilinks]] that differed from the target document only by spelling variant with the
target's canonical title, reconnecting 1,200 broken links. Only title/filename normalization
matches were applied; alias matching was excluded because of over-merge risk (ambiguity guard).
Originals are backed up in _link_reconcile_backup/.
Tool: Datacollect/scripts/link_reconcile_apply.mjs

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00

---
id: wiki-2026-0508-social-engineering
title: Social Engineering
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Social Engineering Attacks, Human-Layer Attack, Phishing Family]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [security, threat-model, phishing, awareness]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: english
  framework: security
---
# Social Engineering
## One-liner
> **"Exploit the human, the weakest link in every attack. Manipulating the human layer is cheaper than hardening the tech stack."** The family of phishing, vishing, pretexting and baiting; by 2026, LLM-generated voice clones and deepfake video have industrialized these vectors. Compliance programs such as SOC 2 and ISO 27001 require security awareness training.
## Core
### Attack vectors
- **Phishing** (email) — bulk credential harvest.
- **Spear-phishing** — targeted, OSINT-backed.
- **Vishing** (voice) — now amplified by LLM voice clones.
- **Smishing** (SMS) — package delivery, bank scam.
- **Pretexting** — impersonation (CEO fraud, IT helpdesk).
- **Baiting** — USB drop, malicious download.
- **Tailgating** — physical access.
### Psychological levers (Cialdini's six principles)
- Authority (CEO impersonation).
- Scarcity / urgency ("account locked, act now", "last chance"): the scarcity lever applied to time.
- Reciprocity ("free gift").
- Social proof ("colleagues already responded").
- Liking (rapport building).
- Commitment / consistency (a small "yes" first, then the real ask).
### Applications (defense)
1. MFA, phishing-resistant (FIDO2/passkey); OTP and push MFA can be relayed by a proxy phishing page.
2. SPF/DKIM/DMARC for email authentication.
3. Awareness training + simulated phishing.
4. Approval workflow for wire transfers (out-of-band verification).
5. Zero trust + least privilege to limit the blast radius of a compromised account.
## 💻 Patterns
### DMARC enforce policy
```dns
_dmarc.example.com. TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"
```
Roll out as `p=none` → `p=quarantine` → `p=reject`, reading the `rua` aggregate reports at each step so legitimate third-party senders are not dropped; `pct=100` is the default and can be omitted. Add `sp=` if subdomains should get a different policy.
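To make concrete what `p=reject` does with the SPF/DKIM results a receiver computes, here is a minimal DMARC evaluator. It is an added example written for this page, not code from the wiki or any mail server; it follows the RFC 7489 tags `v`, `p`, `sp`, `pct`, `adkim` and `aspf`, but approximates the organizational domain as the last two labels instead of consulting the Public Suffix List, which is an assumption of the example. The inputs (policy domain, From domain, which domains passed SPF/DKIM) are constructed.

```python
"""Added example: DMARC disposition from already-computed SPF/DKIM results.
Organizational-domain lookup is simplified (last two labels, no PSL)."""
import random
from typing import Optional


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record value into a tag dict, applying RFC defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    return tags


def org_domain(domain: str) -> str:
    """Simplification: the last two labels stand in for the organizational domain."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: Optional[str], mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only the org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(record: str, policy_domain: str, from_domain: str,
                      spf_pass_domain: Optional[str], dkim_pass_domain: Optional[str],
                      rng=random) -> str:
    """Return 'pass', 'none', 'quarantine' or 'reject' for one message.

    policy_domain:    domain whose _dmarc record was fetched
    spf_pass_domain:  MAIL FROM domain if SPF passed, else None
    dkim_pass_domain: d= of a DKIM signature that verified, else None
    """
    tags = parse_dmarc(record)
    # DMARC passes only if SPF or DKIM passed AND that identifier is aligned with the
    # visible From domain; spf=pass on the attacker's own bounce domain does not count.
    if aligned(from_domain, spf_pass_domain, tags["aspf"]) or \
            aligned(from_domain, dkim_pass_domain, tags["adkim"]):
        return "pass"
    policy = tags["p"] if from_domain.lower() == policy_domain.lower() else tags["sp"]
    # pct= samples enforcement during rollout; unsampled mail gets the next-weaker policy.
    if policy != "none" and rng.randint(1, 100) > int(tags["pct"]):
        return "quarantine" if policy == "reject" else "none"
    return policy


RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"  # the record above

if __name__ == "__main__":
    # Constructed cases: aligned relay host vs. attacker spoofing the From domain.
    print(dmarc_disposition(RECORD, "example.com", "example.com", "mail.example.com", None))
    print(dmarc_disposition(RECORD, "example.com", "example.com", "bounce.attacker.test", None))
```

The second case is the one that matters for social engineering: the attacker's mail can pass SPF for its own envelope domain and still be rejected, because neither identifier aligns with the spoofed `From:`.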
### Phishing simulation framework (gophish API)
```python
import requests

API = "https://gophish.local/api"            # Gophish admin server
HEADERS = {"Authorization": "Bearer TOKEN"}  # API key from the Gophish account settings

# Gophish resolves template, page, SMTP profile and groups by the names of objects
# created beforehand in the UI or API; page and smtp are required, not optional.
campaign = {
    "name": "Q2 Awareness",
    "template": {"name": "Fake-IT-Reset"},
    "page": {"name": "Credential-Capture"},     # landing page shown after the click
    "smtp": {"name": "Internal-Relay"},          # sending profile
    "url": "https://landing.local",              # base URL embedded in the lure links
    "groups": [{"name": "All-Employees"}],
    "launch_date": "2026-06-15T09:00:00+09:00",  # ISO 8601
}
resp = requests.post(f"{API}/campaigns/", json=campaign, headers=HEADERS, timeout=10)
resp.raise_for_status()
print("campaign id:", resp.json()["id"])
```
### FIDO2 webauthn (phishing-resistant)
```typescript
// Registration ceremony. Phishing resistance comes from two bindings the browser enforces:
// rp.id must match the page's registrable domain, and the real origin is written into
// clientDataJSON, which the server must verify before accepting the credential.
// `serverChallenge` (Uint8Array) and `userId` are supplied by the application.
const credential = await navigator.credentials.create({
  publicKey: {
    challenge: serverChallenge,                  // single-use nonce from the server
    rp: { id: 'example.com', name: 'Example' },  // rp.id is the domain, not a display name
    user: { id: new TextEncoder().encode(userId), name: email, displayName: name },
    pubKeyCredParams: [{ alg: -7, type: 'public-key' }, { alg: -257, type: 'public-key' }],
    authenticatorSelection: {
      residentKey: 'required',       // discoverable credential, i.e. a passkey
      userVerification: 'required',
      // authenticatorAttachment: 'platform' would exclude roaming keys (hardware tokens)
    },
  },
});
// POST credential.response.{clientDataJSON, attestationObject} to the server for verification.
```
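The browser-side call above only produces the credential; the phishing resistance is realized by the server-side checks on each assertion. The following is an added example written for this page, not code from the wiki or from any WebAuthn library: it performs the origin, challenge, rpIdHash and flag checks for a `navigator.credentials.get()` response. Signature verification over `authenticatorData || SHA-256(clientDataJSON)` is left out because it needs the stored public key. `RP_ID`, `ALLOWED_ORIGINS` and the sample ceremony data are constructed for the example.

```python
"""Added example: server-side WebAuthn assertion checks that defeat a
look-alike login page. Signature verification omitted (needs the stored key)."""
import base64
import hashlib
import hmac
import json

RP_ID = "example.com"                                  # assumed RP ID
ALLOWED_ORIGINS = {"https://example.com", "https://app.example.com"}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def verify_assertion(client_data_b64: str, authenticator_data: bytes,
                     expected_challenge: str) -> tuple:
    """Return (ok, reason) for one assertion; order follows the WebAuthn spec steps."""
    try:
        client_data = json.loads(b64url_decode(client_data_b64))
    except ValueError:
        return False, "clientDataJSON not parseable"
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    got = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, expected_challenge.encode()):
        return False, "challenge mismatch (replay or stale session)"
    origin = client_data.get("origin")
    if origin not in ALLOWED_ORIGINS:
        # The browser fills in the page's real origin; a proxy phishing page cannot forge it.
        return False, f"origin {origin!r} not allowed (phishing site?)"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    rp_id_hash, flags = authenticator_data[:32], authenticator_data[32]
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        return False, "rpIdHash mismatch (credential bound to another RP ID)"
    if not flags & 0x01:
        return False, "user presence flag (UP) not set"
    if not flags & 0x04:
        return False, "user verification flag (UV) not set"
    return True, "ok"


def make_client_data(origin: str, challenge: str) -> str:
    """What a browser would produce on that origin (constructed, not captured)."""
    payload = {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    return b64url_encode(json.dumps(payload).encode())


def make_auth_data(rp_id: str, flags: int = 0x05) -> bytes:
    """rpIdHash (32) || flags (1) || signCount (4); extensions omitted."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (0).to_bytes(4, "big")


CHALLENGE = b64url_encode(b"\x11" * 32)  # per-login server nonce kept in the session


def demo() -> tuple:
    legit = verify_assertion(make_client_data("https://example.com", CHALLENGE),
                             make_auth_data(RP_ID), CHALLENGE)
    # A reverse-proxy phishing page on another origin relaying our challenge: the origin
    # in clientDataJSON is its own, and the browser only lets it use its own RP ID.
    phished = verify_assertion(make_client_data("https://example.com.evil.test", CHALLENGE),
                               make_auth_data("example.com.evil.test"), CHALLENGE)
    return legit, phished


if __name__ == "__main__":
    print(demo())
```

Contrast this with TOTP or push approval, where nothing in the second factor names the origin, so a relayed login succeeds.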
### Wire-transfer out-of-band verify (Slack bot)
```typescript
import { randomInt } from 'node:crypto';

// The code goes to the approver's phone of record from the HR directory, never to a
// number supplied in the request, and never back into the Slack channel that asked.
// `directory`, `db` and `sms` are application helpers assumed to exist.
bot.command('/verify-wire', async ({ command, ack, respond }) => {
  await ack();
  const phone = await directory.phoneOfRecord(command.user_id); // Slack supplies user_id, not a phone
  if (!phone) {
    await respond('No phone of record on file; use the manual callback procedure.');
    return;
  }
  const challenge = randomInt(0, 1_000_000).toString().padStart(6, '0'); // CSPRNG, not Math.random
  await db.storeChallenge(command.user_id, challenge, { ttlSeconds: 300, wireRef: command.text });
  await sms.send(phone, `Wire verify code: ${challenge}`);
  await respond('Code sent to your phone of record. Confirm with /confirm-wire <code>.');
});
```
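The bot command above only covers delivery. The store-and-check half is where most implementations go wrong, so here it is as an added example written for this page (not code from the wiki or any Slack app): the code comes from a CSPRNG, is bound to one wire reference and amount, expires after `OTP_TTL_S` seconds, allows `MAX_ATTEMPTS` guesses, is single-use, and is sent to the phone of record looked up in a directory. `DIRECTORY` and the in-memory `_pending` dict are stand-ins for the HR directory and a database; both are assumptions of the example.

```python
"""Added example: server side of an out-of-band wire approval code."""
import hmac
import secrets
import time

OTP_TTL_S = 300
MAX_ATTEMPTS = 3
DIRECTORY = {"U123": "+15550100"}   # constructed: approver id -> phone of record
_pending = {}                       # wire_ref -> pending verification record


def issue_code(user_id: str, wire_ref: str, amount: float, now: float = None) -> tuple:
    """Create a 6-digit code for one wire; return (phone_of_record, code).

    The caller delivers `code` to `phone_of_record` by SMS or voice and must not
    echo it into the channel where the request was made."""
    phone = DIRECTORY.get(user_id)
    if phone is None:
        raise LookupError("no phone of record; fall back to a manual callback")
    code = f"{secrets.randbelow(10 ** 6):06d}"
    _pending[wire_ref] = {"user": user_id, "amount": amount, "code": code,
                          "expires": (now if now is not None else time.time()) + OTP_TTL_S,
                          "attempts": 0}
    return phone, code


def confirm(user_id: str, wire_ref: str, code: str, amount: float, now: float = None) -> tuple:
    """Check a code typed back by the approver; return (approved, reason)."""
    now = now if now is not None else time.time()
    rec = _pending.get(wire_ref)
    if rec is None:
        return False, "no pending verification"
    if rec["user"] != user_id:
        return False, "code was issued to a different approver"
    if rec["amount"] != amount:
        return False, "amount changed since code was issued"  # code is bound to the amount
    if now > rec["expires"]:
        _pending.pop(wire_ref)
        return False, "expired"
    rec["attempts"] += 1
    if rec["attempts"] > MAX_ATTEMPTS:
        _pending.pop(wire_ref)           # burn it; a fresh code must be issued
        return False, "too many attempts"
    if not hmac.compare_digest(code.encode(), rec["code"].encode()):
        return False, "wrong code"
    _pending.pop(wire_ref)               # single use
    return True, "approved"


if __name__ == "__main__":
    phone, code = issue_code("U123", "WIRE-1", 25000.0)
    print("send", code, "to", phone)
    print(confirm("U123", "WIRE-1", code, 25000.0))
```

Binding the code to the amount matters for BEC: the classic follow-up is "actually, make it 48,000 instead" after the approval was obtained for the original figure.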
### Email header anomaly detection
```python
from email.message import Message
from email.utils import parseaddr

def is_suspicious(msg: Message) -> bool:
    """Cheap header heuristics; a real DMARC evaluation should replace the substring checks."""
    # Several Authentication-Results headers may be present (one per hop): scan all of them.
    auth = " ".join(msg.get_all('Authentication-Results', [])).lower()
    if 'spf=fail' in auth or 'dkim=fail' in auth or 'dmarc=fail' in auth:
        return True
    # Reply-To hijack: compare parsed addresses rather than raw header strings (display
    # names differ legitimately), and only when Reply-To is present, otherwise every
    # ordinary message without one would be flagged.
    _, from_addr = parseaddr(msg.get('From', ''))
    _, reply_addr = parseaddr(msg.get('Reply-To', ''))
    return bool(reply_addr) and reply_addr.lower() != from_addr.lower()
```
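Authentication results catch spoofed domains, but most BEC mail authenticates fine because it comes from a look-alike or free-mail domain with a trusted display name. The following is an added example written for this page, not code from the wiki or a mail gateway product: it runs three impersonation checks on parsed `From` / `Reply-To` headers, namely a display name that matches an internal employee on an external address, a `Reply-To` that steers replies to another domain, and a sender domain that is a typo-squat or homoglyph of ours. `OUR_DOMAIN`, `EMPLOYEES`, the small confusable map and the sample messages are constructed for the example.

```python
"""Added example: BEC-style impersonation checks on From / Reply-To headers."""
from email import message_from_string
from email.utils import parseaddr
import unicodedata

OUR_DOMAIN = "example.com"                                                   # assumed
EMPLOYEES = {"jane doe": "jane.doe@example.com", "ceo office": "ceo@example.com"}  # constructed
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("|", "l"))  # illustrative map


def skeleton(domain: str) -> str:
    """Collapse accents and common visual substitutions so 'examp1e' == 'example'."""
    s = unicodedata.normalize("NFKD", domain).encode("ascii", "ignore").decode().lower()
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; typo-squats are usually within one or two edits."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw_message: str) -> list:
    """Return human-readable findings for one message (empty list = nothing suspicious)."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    findings = []
    # 1. Trusted display name on an address that is not the directory address.
    key = from_name.strip().lower()
    if key in EMPLOYEES and from_addr.lower() != EMPLOYEES[key]:
        findings.append(f"display-name impersonation: {from_name!r} <{from_addr}>")
    # 2. Reply-To only matters when present and pointing somewhere else.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"reply-to redirects to {domain_of(reply_addr)}")
    # 3. Sender domain that is not ours but looks like ours.
    if from_dom and from_dom != OUR_DOMAIN and (
            skeleton(from_dom) == skeleton(OUR_DOMAIN) or edit_distance(from_dom, OUR_DOMAIN) <= 2):
        findings.append(f"look-alike domain {from_dom}")
    return findings


SAMPLES = {  # constructed messages, not captured mail
    "bec": ("From: Jane Doe <jane.doe@webmail-provider.test>\n"
            "Reply-To: payments@invoice-desk.test\n"
            "Subject: urgent wire\n\nPlease process before 5pm.\n"),
    "lookalike": ("From: IT Helpdesk <helpdesk@examp1e.com>\n"
                  "Subject: password reset\n\nReset here.\n"),
    "clean": "From: Jane Doe <jane.doe@example.com>\nSubject: lunch\n\nNoon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, analyze(raw))
```

In production the employee list comes from the directory and the confusable map from the Unicode confusables table; the structure of the checks stays the same.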
### Deepfake voice detection (2026 ML)
```python
from transformers import pipeline

# MODEL is a placeholder: substitute a Hugging Face audio-classification checkpoint
# trained for synthetic-speech detection; no specific model is named here.
MODEL = "<audio-deepfake-classifier>"
detector = pipeline('audio-classification', model=MODEL)
result = detector('/path/to/call-recording.wav')
# result is a list of {'label': ..., 'score': ...} with model-specific labels; treat a high
# "synthetic" score as a trigger for codeword/callback verification, not as proof either way.
```
## Decision criteria
| Situation | Approach |
|---|---|
| Email account compromise risk | DMARC reject + FIDO2 MFA |
| Wire transfer fraud (BEC) | Out-of-band callback verify |
| Voice impersonation | Codeword + callback to known number |
| USB drop | Endpoint policy block autorun |
| Insider awareness | Quarterly simulated phishing |
**Default**: FIDO2 passkey + DMARC reject + quarterly training + out-of-band approval for transfers above a set threshold ($X+).
## 🔗 Graph
- Parent: [[Threat-Modeling]] · [[OWASP Top 10]]
- Variants: [[Phishing]]
- Applications: [[FIDO2]] · [[DMARC]] · [[Zero Trust Architecture]]
## 🤖 LLM usage
**When**: threat-modeling the human layer, security training content, BEC playbooks.
**When not**: generating real phishing templates (abuse risk).
## ❌ Anti-patterns
- **SMS-only MFA**: vulnerable to SIM swap; prefer FIDO2.
- **Annual training only**: retention is low; go quarterly plus simulation.
- **Trusting caller ID**: trivially spoofed; call back on a known number.
## 🧪 Verification / duplicates
- Verified (NIST SP 800-50, Mitnick, "The Art of Deception", Verizon DBIR 2025).
- Trust level A.
## 🕓 Changelog
| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — SE attack vectors, Cialdini levers, FIDO2/DMARC defenses |