Christmas comes early as one of the best computer security tool gets a big update. This week David Kennedy and the Trusted Sec gang released a new version of the Social Engineering Toolkit (SET). And this one comes with over 60 new features and updates!
As far as I am concerned, SET is hands down the best way to test your corporate network (and users!) against social engineering type attacks. Social Engineering data attacks (getting someone to run a malicious file through manipulation) is one of the top threats our networks face today. Dave and his team have put some major time and energy into SET to keep it up to date and relevant to the changing topography of network security.
So let’s take a look at the new features:
Multi-pyinjector looks to be one of the most interesting additions (see video above). SET can now deliver multiple payloads through multiple ports increasing your chances of success.
Tack_Email_Addresses is totally new to SET. This feature allows you to track which users clicked on your links and what they input on your website when they arrive.
Looks like this version of SET is also much better at AV evasion. The Java applet attack included in older SET versions was being picked up and blocked by a lot of Anti-Viruses. It seems to be working much better now. Hey, was that a fully patched and updated Windows 8 system I see used in the video? 🙂
Check out the Trustec Sec blog or their video above for more info!