Social Engineering Techniques and Exploits Flashcards
Phishing
Emails or messages from reputable sources to manipulate the recipient
Vishing
Phone calls or voice messages from reputable sources to manipulate the recipient
Whaling
Phishing big targets such as CEOs
Shoulder surfing
Peering over a user to obtain sensitive info
Tailgating
The process of jumping through an access point after a user used their data to authenticate the action
Dumpster Diving
Physically going through trash in search of sensitive info
Impersonation
Disguising yourself as someone or something who has access to sensitive areas or info
Evil Twin
Rogue Access Point - someone setting up an AP in the proximity of a network that has SSID info that is identical to the network
DDoS
Distributed Denial of Service. Uses assistance from other computers (drones), all connected to the attacker's controller, to attack a larger entity or company to perform DoS functions
DoS
Denial of Service. Someone inadvertently brings a common service or utility offline
Zero-day attack
The very first time a threat has been actualized and no one but the attacker knows about it.
On-path attack
Attacker is attempting to get in the middle of point to point communication to disrupt or monitor activity
Spoofing
In reference to on-path attacks. Attacker creating false info such as forged IPs or MAC addresses and sending it on the path between source and destination to fool the source that the attacker is the intended recipient
Brute-force or Dictionary Attacks
Guessing the password or trying every possible combination via automation
You can load in an entire dictionary, which helps speed up the process
SQL injection
Injects information into a form managed by a SQL database which can then be understood by the SQL backend.