3.6 Attacks and Exploits Flashcards
Given a scenario, perform a social engineering or physical attack.
What is Pretexting?
Pretexting is a Social Engineering tactic, whereby the team will communicate, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood. This belief can prompt the victim into committing an action they had not intended or is against their better interests.
What is Spear Phishing?
Spear Phishing is a phishing attack that targets a specific person or group of people. It requires an attack to perform reconnaissance on the target, in order to create a custom message which can be more convincing than a generic one.
What is Whaling?
Whaling is a form of spear phishing, which targets wealthy or powerful individuals, such as CEOs of Fortune 500 companies or a philanthropist.
What is Vishing?
Vishing, also Voice over IP (VoIP) Phishing, is similar to regular phishing in that a hacker will call the party and request confidential information. This can be more effective as people tend to be more trusting when they are interacting with a person on the other end of the line.
What is a USB drop key attack?
This is an attack where a malicious actor will drop a thumb drive in a public area in order to get a possible employee to pick it up and plug it into their computer. Unbeknownst to them, the drive has ben preloaded with malicious software.
What is the Browser Exploit Framework (BeEF)?
BeEF is a tool designed to exploit some functionality or vulnerability within a browser to launch XSS and injection attacks against a website. The goal is to gain access, gather information, use a proxy, and other utilities for the PenTester.
