3.1 Attacks & exploits: Social Engineering and Physical Attacks Flashcards
What is Social Engineering?
▪ A broad range of malicious activities accomplished through human interactions
▪ Non-technical attacks
Methods of Influence: what is the Authority method of influence in social engineering attacks?
▪ People are more willing to comply with a request when they think it is coming from someone in authority
▪ Use of recognizable brand names like a bank or PayPal could be considered a form of authority:
● CEO or manager
● Important client
● Government agency
● Financial institution
Methods of Influence: what is the Urgency method of influence in social engineering attacks?
▪ People are usually in a rush these days and urgency takes advantage of this fact
▪ Approaching deadline, time-based
Methods of Influence: what is the Social Proof method of influence in social engineering attacks?
▪ People are more likely to click on a link through social media or based on seeing others have already clicked on it
▪ Use social proof to make people crave to be part of a social group, experience, or interaction
Methods of Influence: what is the Scarcity method of influence in social engineering attacks?
▪ Technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or a limited time
▪ Limited supply, quantity-based
Methods of Influence: what is the Likeness/Likeability method of influence in social engineering attacks?
▪ A technique where the social engineer attempts to find common ground and shared interests with their target
▪ Social engineers are some of the most likeable people you will meet
Methods of Influence: what is the Fear method of influence in social engineering attacks?
▪ The use of threats or demands to intimidate someone into helping with the attack
Methods of Influence: what is an example of combining several methods of influence in a social engineering attack?
▪ Click on this email right now because we only have three things left. These will only be on sale for the next 30 minutes. We have 100 people who already bought.
Social Engineering: what is phishing?
▪ A social engineering attack where the malicious actor communicates with the victim from a supposedly reputable source to lure the victim into divulging sensitive information
Social Engineering: what is spear phishing?
▪ Uses the same technology and techniques but is a more targeted version of phishing
▪ During a penetration test, you are most likely to conduct spear phishing rather than phishing
Social Engineering: what is whaling?
Phishing focused on key executives or other key leaders and managers within an organization:
● Busy executives
● Better targeted
● Older and technically challenged executives
Social Engineering: what is vishing?
Occurs when the message is being communicated to the target using the voice functions of a telephone
Social Engineering: what is smishing?
▪ Occurs when the message is being communicated to the target through text messaging
▪ Short Message Service (SMS): The text message service component on cellphones, smartphones, tablets, and other mobile devices
▪ Multimedia Messaging Service (MMS): A form of text messaging that also allows pictures, sound, or video to be sent using the service
Social Engineering: what is Business Email Compromise (BEC)?
Occurs when an attacker takes over a high-level executive’s email account and orders employees to conduct tasks
Social Engineering: what is pharming?
Tricks users into divulging private information by redirecting a victim to a website controlled by the attacker or penetration tester
Baiting Victims: what is a Watering hole attack?
Malware is placed on a website that you know your potential victims will access
Baiting Victims: what is Typosquatting/URL Hijacking?
A social engineering attack that deliberately uses misspelled domains for malicious purposes and is often used in combination with a watering hole attack
Impersonation: what is it?
▪ The act of pretending to be someone else in order to gain access or gather information
▪ The goal is to exploit people’s trust in a person in authority or in uniform
Impersonation: what is Elicitation?
The ability to draw, bring forth, evoke, or induce information from a victim
Physical Security: what are the good practices for organizations that use wired/wireless CCTV for surveillance (7)?
▪ Wired: Placed around the building and will be physically cabled from the camera all the way to a central monitoring station
▪ Wireless:
● Subject to interference with other wireless systems and frequencies
● Many wireless security systems operate in the unregulated 2.4 GHz wireless spectrum
▪ Indoor/Outdoor
▪ PTZ (Pan, Tilt, Zoom)
▪ Infrared: Can produce an image based on the relative heat levels in view
▪ Ultrasonic System: A type of surveillance system that uses sound-based detection
▪ Take note of the placement of the security cameras being used
Physical Security: list the locking mechanisms that can be used (4)?
▪ Physical key
▪ PIN
▪ Wireless signal
▪ Biometrics
Physical Security: what is an Access Control Vestibule (Mantrap) and how can it be bypassed?
▪ An area between two doorways that holds people until they’re identified and authenticated
▪ Bypass Methods:
● Tailgating
● Piggybacking
● Badge cloning
Physical Security: what is the biometrics type of authentication?
Relies on physical characteristics to identify a person properly:
● Something you know
● Something you have
● Something you are
● Something you do
● Somewhere you are
Physical Security: you want to test your biometric system for FAR, what is FAR?
False Acceptance Rate (FAR): Rate that a system authenticates a user as authorized or valid when they should not have been granted access to the system
Physical Security: you want to test your biometric system for FRR, what is FRR?
False Rejection Rate (FRR): Rate at which a system denies a user as authorized or valid when they should have been granted access to the system
Physical Security: you want to test your biometric system to ensure it is efficient, so you look at the CER; what is the CER?
Crossover Error Rate (CER): The equal error rate (EER) at which the false acceptance rate and false rejection rate are equal
Physical Attacks: what is tailgating?
▪ Entering a secure portion of the organization’s building by following an authorized person into the area without their knowledge or consent
▪ Identify the habits of the employees as they are using the doors and the way the doors themselves function
Physical Attacks: what is Piggybacking?
▪ Occurs when an attacker attempts to enter a restricted area or get past an access control vestibule by following an authorized employee with their knowledge or consent:
● Influence
● Impersonation
● Elicitation
▪ Piggybacking works well in large organizations where not all employees know each other
Physical Attacks: what is Shoulder Surfing?
Occurs when an attacker attempts to observe a target’s behavior without them noticing
Physical Attacks: what is Eavesdropping?
Listening to conversations and performing direct observation through hearing
Physical Attacks: what is Dumpster Diving?
Occurs when an attacker searches inside trash or recycling containers for personal, sensitive, or confidential information or other items of value
Physical Attacks: what is Badge Cloning and which badges are the easiest to clone?
▪ The act of copying authentication data from an authorized user’s badge
▪ The easiest badges to clone are badges with RFID and NFC tags embedded in them
▪ Newer RFID badges use higher frequencies that provide higher data rates and can support encryption
▪ For NFC-based badges, a penetration tester needs to be extremely close to the badge they want to clone, usually within just a few inches
Social Engineering Tools: what is Social Engineering Toolkit (SET)?
A Python-based collection of tools and scripts that are used to conduct social engineering during a penetration test
Social Engineering Tools: what is Browser Exploitation Framework (BeEF)?
▪ Used to assess the security posture of a target environment using cross-site attack vectors
▪ BeEF is a great tool for testing browsers and associated web servers and applications
Social Engineering Tools: what is Call Spoofing?
▪ Hide identity
▪ Conduct impersonation attack
▪ Use the modern and up-to-date version of call spoofing programs for your penetration tests