3.1 Attacks & exploits: Social Engineering and Physical Attacks Flashcards

1
Q

What is Social Engineering?

A

▪ A broad range of malicious activities accomplished through human interactions
▪ Non-technical attacks

2
Q

Methods of Influence: what is the Authority method of influence in social engineering attacks?

A

▪ People are more willing to comply with a request when they think it is coming from someone in authority
▪ Use of a recognizable brand name, such as a bank or PayPal, can also be considered a form of authority. Examples of authority figures:
● CEO or manager
● Important client
● Government agency
● Financial institution

3
Q

Methods of Influence: what is the Urgency method of influence in social engineering attacks?

A

▪ People are usually in a rush these days, and urgency takes advantage of this fact
▪ Time-based: an approaching deadline

4
Q

Methods of Influence: what is the Social Proof method of influence in social engineering attacks?

A

▪ People are more likely to click on a link through social media, or after seeing that others have already clicked on it
▪ Social proof is used to make people crave being part of a social group, experience, or interaction

5
Q

Methods of Influence: what is the Scarcity method of influence in social engineering attacks?

A

▪ A technique that relies on the fear of missing out on a good deal that is only offered in limited quantities or for a limited time
▪ Quantity-based: a limited supply

6
Q

Methods of Influence: what is the Likeness/Likeability method of influence in social engineering attacks?

A

▪ A technique where the social engineer attempts to find common ground and shared interests with their target
▪ Social engineers are some of the most likeable people you will meet

7
Q

Methods of Influence: what is the Fear method of influence in social engineering attacks?

A

▪ The use of threats or demands to intimidate someone into helping with the attack

8
Q

Methods of Influence: what does an example combining several methods of influence look like?

A

▪ "Click on this email right now because we only have three things left. These will only be on sale for the next 30 minutes. We have 100 people who already bought." (urgency, scarcity, and social proof combined)

9
Q

Social Engineering: what is phishing?

A

▪ A social engineering attack in which the malicious actor communicates with the victim while posing as a supposedly reputable source, to lure the victim into divulging sensitive information

10
Q

Social Engineering: what is spear phishing?

A

▪ Uses the same technology and techniques as phishing, but is a more targeted version of it
▪ During a penetration test, you are most likely to conduct spear phishing rather than general phishing

11
Q

Social Engineering: what is whaling?

A

Phishing focused on key executives, leaders, and managers within an organization:
● Busy executives
● Better targeted
● Older and technically challenged executives

12
Q

Social Engineering: what is vishing?

A

Occurs when the message is communicated to the target using the voice functions of a telephone

13
Q

Social Engineering: what is smishing?

A

▪ Occurs when the message is communicated to the target through text messaging
▪ Short Message Service (SMS): The text message service component on cellphones, smartphones, tablets, and other mobile devices
▪ Multimedia Messaging Service (MMS): A form of text messaging that also allows pictures, sound, or video to be sent using the service

14
Q

Social Engineering: what is Business Email Compromise (BEC)?

A

Occurs when an attacker takes over a high-level executive’s email account and orders employees to conduct tasks

15
Q

Social Engineering: what is pharming?

A

Tricks users into divulging private information by redirecting a victim to a website controlled by the attacker or penetration tester

16
Q

Baiting Victims: what is a Watering hole attack?

A

Malware is placed on a website that you know your potential victims will access

17
Q

Baiting Victims: what is Typosquatting/URL Hijacking?

A

A social engineering attack that deliberately uses misspelled domains for malicious purposes and is often used in combination with a watering hole attack

18
Q

Impersonation: what is it?

A

▪ The act of pretending to be someone else in order to gain access or gather information
▪ The goal is to exploit people's trust in a person in authority or a person in uniform

19
Q

Impersonation: what is Elicitation?

A

The ability to draw, bring forth, evoke, or induce information from a victim

20
Q

Physical Security: what are the good practices for organizations that use wired/wireless CCTV for surveillance (7)?

A

▪ Wired: Placed around the building and physically cabled from the camera all the way to a central monitoring station
▪ Wireless:
● Subject to interference with other wireless systems and frequencies
● Many wireless security systems operate in the unregulated 2.4 GHz wireless spectrum
▪ Indoor/Outdoor
▪ PTZ (Pan, Tilt, Zoom)
▪ Infrared: Can produce an image based on the relative heat levels in view
▪ Ultrasonic System: A type of surveillance system that uses sound-based detection
▪ Take note of the placement of the security cameras being used

21
Q

Physical Security: list the locking mechanisms that can be used (4)?

A

▪ Physical key
▪ PIN
▪ Wireless signal
▪ Biometrics

22
Q

Physical Security: what is an Access Control Vestibule (Mantrap), and how can it be bypassed?

A

▪ An area between two doorways that holds people until they’re identified and authenticated
▪ Bypass Methods:
● Tailgating
● Piggybacking
● Badge cloning

23
Q

Physical Security: what is biometric authentication?

A

Relies on physical characteristics to properly identify a person. The authentication factors are:
● Something you know
● Something you have
● Something you are
● Something you do
● Somewhere you are

24
Q

Physical Security: you want to test your biometric system for FAR, what is FAR?

A

False Acceptance Rate (FAR): The rate at which a system authenticates a user as authorized or valid when they should not have been granted access to the system

25
Q

Physical Security: you want to test your biometric system for FRR, what is FRR?

A

False Rejection Rate (FRR): The rate at which a system denies a user as authorized or valid when they should have been granted access to the system

26
Q

Physical Security: you want to test your biometric system to ensure it is efficient, so you look at the CER; what is the CER?

A

Crossover Error Rate (CER): The equal error rate (EER), the point at which the false acceptance rate and the false rejection rate are equal

27
Q

Physical Attacks: what is tailgating?

A

▪ Entering a secure portion of the organization's building by following an authorized person into the area without their knowledge or consent
▪ Relies on identifying the habits of employees as they use the doors, and the way the doors themselves function

28
Q

Physical Attacks: what is Piggybacking?

A

▪ Occurs when an attacker attempts to enter a restricted area or get past an access control vestibule by following an authorized employee with their knowledge or consent, using:
● Influence
● Impersonation
● Elicitation
▪ Piggybacking works well in large organizations where all the employees don’t know each other

29
Q

Physical Attacks: what is Shoulder Surfing?

A

Occurs when an attacker attempts to observe a target's behavior (for example, entering a PIN or password) without the target noticing

30
Q

Physical Attacks: what is Eavesdropping?

A

Listening to conversations and performing direct observation through hearing

31
Q

Physical Attacks: what is Dumpster Diving?

A

Occurs when an attacker searches inside trash or recycling containers for personal, sensitive, or confidential information or other items of value

32
Q

Physical Attacks: what is Badge Cloning, and which badges are the easiest to clone?

A

▪ The act of copying authentication data from an authorized user's badge
▪ The easiest badges to clone are badges with RFID and NFC tags embedded in them
▪ Newer RFID badges use higher frequencies that provide higher data rates and can support encryption
▪ For NFC-based badges, a penetration tester needs to be extremely close to the badge they want to clone, usually within a few inches

33
Q

Social Engineering Tools: what is Social Engineering Toolkit (SET)?

A

A Python-based collection of tools and scripts that are used to conduct social engineering during a penetration test

34
Q

Social Engineering Tools: what is Browser Exploitation Framework (BeEF)?

A

▪ Used to assess the security posture of a target environment using client-side (cross-site) attack vectors
▪ BeEF is a useful tool for testing browsers and their associated web servers and applications

35
Q

Social Engineering Tools: what is Call Spoofing?

A

▪ Used to hide the caller's identity
▪ Used to conduct impersonation attacks
▪ Use a modern, up-to-date version of a call spoofing program for your penetration tests