Social engineering attacks are about obtaining sensitive information (or access) by exploiting human emotions such as fear, trust and curiosity rather than technical flaws, through many different means.
Types of Social engineering attacks:
Phishing: usually aimed at getting sensitive data or credentials.
Basic scam aimed at as many people as possible (usually through mass mailing)
Abuses trust in well-known brands such as Walmart, Google, PayPal, etc.
Spear-phishing: a more sophisticated form of phishing that targets specific people or roles, such as a particular CEO.
Targeted phishing attack
Whaling: spear-phishing aimed at C-level executives such as the CEO, CIO, COO or CFO.
Vishing: phishing done via voice technologies: voicemail, VoIP, cell phone.
Tailgating: an unauthorized person follows an authorized person through a secured door and enters the building without having to authenticate.
Shoulder surfing: looking over someone's shoulder in order to observe their authentication details (password, PIN).
Hoax: deliberately misleading information meant to make the victim take an action.
Watering hole attack: targets a group of people that work together by compromising websites the group is known to visit. It only takes a single infected user to gain a foothold on the network.
Authority: people are conditioned to respond to authority.
Using implied authority to propagate an attack
e.g. a message that appears to come from a higher-ranking military officer
Consensus (social proof): when a user does not know how to react (say, to an email), they look to others to see how to react (whether to click, whether to respond).
Scarcity/urgency: people are more likely to respond to scams when there is a time or availability concern.
Download "this add-on" to view the page
Not being able to view a page until a program is installed makes the victim want to see it even more
Familiarity: people are comfortable with those they are familiar with.
Trust: the attacker's first objective is to establish trust.
DoS (Denial of Service) attack: an attack meant to shut down a machine or network, making it inaccessible to its intended users. It can be physical or technological.
Physical: e.g. someone cuts the power to the data center.
Technological: someone floods the target with more packets or requests than it can handle. It becomes so busy handling them that it slows to a crawl and may crash or shut down.
DDoS (Distributed Denial of Service) attack: like a DoS attack, its sole purpose is to disrupt the service and prevent legitimate users from doing their work. The difference is the collaborative approach: a botnet of compromised "zombie" machines attacks the target all at once, at a chosen time, so the traffic comes from many sources and is hard to filter.
Man-in-the-Middle (MITM) attack: the attacker sits between two endpoints so that traffic passes through them, allowing them to intercept, manipulate and redirect data.
Buffer overflow attack: the attacker supplies more data than a fixed-size buffer can hold, so the excess spills over into adjacent, unchecked memory of the application. Crafted input can overwrite control data and hijack execution.
Cross-Site Request Forgery (CSRF): an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. The browser attaches the victim's session cookie to the forged request automatically, which is why cookie-based authentication alone is not enough. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
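An added example (not from the original notes) showing why CSRF works and the synchronizer-token defense. The in-memory accounts, sessions and cookie values are constructed stand-ins for a real server; the handler names are hypothetical.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the server's session store and
# account database (not real application code).
accounts = {"alice": 1000, "mallory": 0}
sessions = {"cookie-abc": {"user": "alice"}}  # session cookie value -> session data


def balance(user):
    return accounts[user]


def issue_csrf_token(cookie):
    """Called when the real transfer form is rendered: store a random token in
    the session and embed the same value in the form as a hidden field.
    A page on the attacker's origin cannot read it (same-origin policy)."""
    token = secrets.token_hex(16)
    sessions[cookie]["csrf"] = token
    return token


def move_funds(src, dst, amount):
    if amount <= 0 or accounts.get(src, 0) < amount or dst not in accounts:
        return "rejected: invalid transfer"
    accounts[src] -= amount
    accounts[dst] += amount
    return f"transferred {amount} from {src} to {dst}"


def transfer_vulnerable(cookie, form):
    """Authenticates by cookie alone. The browser attaches alice's cookie to a
    form auto-submitted by the attacker's page, so the forged request succeeds."""
    user = sessions[cookie]["user"]
    return move_funds(user, form["to"], int(form["amount"]))


def transfer_protected(cookie, form):
    """Synchronizer-token check: the request must carry the token bound to this
    session. compare_digest avoids leaking the token through response timing."""
    expected = sessions[cookie].get("csrf", "")
    supplied = form.get("csrf", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return "rejected: missing or invalid CSRF token"
    user = sessions[cookie]["user"]
    return move_funds(user, form["to"], int(form["amount"]))


if __name__ == "__main__":
    # The attacker's page auto-submits a POST with to=mallory&amount=100 while
    # alice is logged in. The attacker controls the form fields, not the token.
    forged = {"to": "mallory", "amount": "100"}
    print(transfer_vulnerable("cookie-abc", forged))   # succeeds
    print(transfer_protected("cookie-abc", forged))    # rejected
    token = issue_csrf_token("cookie-abc")             # only the real form has this
    print(transfer_protected("cookie-abc", {**forged, "csrf": token}))  # succeeds
```

Setting the session cookie with the SameSite attribute (Lax or Strict) is a second, independent layer: the browser then leaves the cookie off most cross-site requests, so even an unprotected endpoint is not reached with the victim's session.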
Address Resolution Protocol (ARP) spoofing: the attacker sends forged ARP replies that associate their own MAC address with another host's IP (typically the default gateway). Because ARP has no authentication, the victims' ARP caches accept the entries through the normal ARP process, and traffic meant for that IP is sent to the attacker instead (a common way to set up a MITM on a LAN).
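An added detection example (not from the original notes): the classic symptom of ARP spoofing is one IP address being claimed by more than one MAC address over time. The log lines and addresses below are constructed, in a made-up sniffer format; they are not a real capture.

```python
import re

# Constructed sample of ARP replies as a sniffer might log them (not a real
# capture). 192.168.1.1 is the default gateway; the last two replies for it
# come from a second, unexpected MAC address.
SAMPLE_ARP_LOG = """\
12:00:01 reply 192.168.1.1 is-at 00:11:22:33:44:55
12:00:02 reply 192.168.1.10 is-at aa:bb:cc:dd:ee:01
12:00:05 reply 192.168.1.1 is-at 00:11:22:33:44:55
12:00:09 reply 192.168.1.1 is-at de:ad:be:ef:00:01
12:00:10 reply 192.168.1.1 is-at de:ad:be:ef:00:01
12:00:11 reply 192.168.1.20 is-at aa:bb:cc:dd:ee:02
"""

LINE = re.compile(
    r"^(\S+) reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})$"
)


def parse_arp_log(text):
    """Yield (timestamp, ip, mac) for each well-formed reply line; skip the rest."""
    for line in text.splitlines():
        m = LINE.match(line.strip().lower())
        if m:
            yield m.group(1), m.group(2), m.group(3)


def detect_arp_conflicts(text):
    """Return {ip: [(first_seen, mac), ...]} for every IP claimed by more than
    one MAC. The first MAC seen is the baseline; a later, different MAC for the
    same IP is the signature of a spoofed reply (or, rarely, a NIC swap)."""
    seen = {}  # ip -> list of (timestamp first seen, mac), in order of appearance
    for ts, ip, mac in parse_arp_log(text):
        macs = seen.setdefault(ip, [])
        if all(mac != known for _, known in macs):
            macs.append((ts, mac))
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def gateway_changed(text, gateway_ip, trusted_mac):
    """Stricter check for the most valuable target: every reply that gives the
    gateway a MAC other than the one we know (e.g. from a static ARP entry)."""
    return [(ts, mac) for ts, ip, mac in parse_arp_log(text)
            if ip == gateway_ip and mac != trusted_mac.lower()]


if __name__ == "__main__":
    for ip, macs in detect_arp_conflicts(SAMPLE_ARP_LOG).items():
        print(f"{ip} claimed by {len(macs)} MACs: {macs}")
    print(gateway_changed(SAMPLE_ARP_LOG, "192.168.1.1", "00:11:22:33:44:55"))
```

The same idea is what arpwatch and switch-side Dynamic ARP Inspection implement; on a single host, a static ARP entry for the gateway removes the attack surface for that one address.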
DNS poisoning: placing malicious entries in a resolver's (recursive DNS) cache so that users asking for a legitimate name are sent to an attacker-controlled site.
Domain hijacking: transferring a domain to another, malicious party through fraudulent means (e.g. stolen registrar credentials or forged transfer requests).
Often goes undisputed
Hard to reverse
ICANN's Transfer Dispute Resolution Policy (TDRP) can be used to seek the return of the domain
Typosquatting: registering misspellings of a popular domain so that a user who makes a typo while typing the domain name lands on a different website than the intended one.
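An added example (not from the original notes) of the defensive side of typosquatting: generating the single-keystroke misspellings of your own domain so that new registrations or proxy logs can be checked against them. The observed-domain list is constructed; paypal.com is used only because the notes mention the brand.

```python
import string

# Characters a squatter would substitute; digits cover look-alikes such as 1 for l.
ALPHABET = string.ascii_lowercase + string.digits


def typo_candidates(domain):
    """Generate the one-edit misspellings a typosquatter registers: a character
    omitted, doubled or replaced, or two adjacent characters transposed.
    The TLD is kept as is (wrong-TLD squats are a separate list)."""
    name, tld = domain.lower().rsplit(".", 1)
    out = set()
    for i, ch in enumerate(name):
        out.add(name[:i] + name[i + 1:] + "." + tld)              # omission: paypl.com
        out.add(name[:i] + ch + name[i:] + "." + tld)              # doubling: paypall.com
        for c in ALPHABET:
            if c != ch:
                out.add(name[:i] + c + name[i + 1:] + "." + tld)  # substitution: paypa1.com
    for i in range(len(name) - 1):
        swapped = name[:i] + name[i + 1] + name[i] + name[i + 2:]
        out.add(swapped + "." + tld)                               # transposition: payapl.com
    out.discard(domain.lower())  # transposing two equal letters gives the original
    return out


def flag_lookalikes(domain, observed):
    """Return the observed domains (e.g. from a newly-registered-domains feed or
    outbound proxy logs) that are one typo away from ours, sorted."""
    candidates = typo_candidates(domain)
    return sorted(d for d in {o.lower() for o in observed} if d in candidates)


# Constructed list standing in for one day's newly registered domains.
OBSERVED = ["paypal.com", "paypa1.com", "payapl.com", "example.org",
            "paypl.com", "paypal.org", "paypal-login.com"]

if __name__ == "__main__":
    print(len(typo_candidates("paypal.com")), "candidates")
    print(flag_lookalikes("paypal.com", OBSERVED))
```

Registering the highest-traffic candidates yourself and redirecting them to the real site is the usual preventive control; the same candidate list also feeds a mail-gateway rule that flags sender domains one typo away from your own.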
Clickjacking: placing hidden or transparent clickable elements over seemingly legitimate images or content, so that the victim's click is redirected to an unintended action or location.
Session hijacking: using a stolen session cookie or session ID, the attacker acts on behalf of the victim, e.g. transferring bank funds.
Man-in-the-Browser: malicious code (e.g. a rogue extension or code injected into the browser process) that sits inside the browser and can intercept and alter traffic and data after TLS has been decrypted.
Zero-day: an exploit for a vulnerability the vendor does not yet know about, so no patch or fix exists.
Pass the Hash: authenticating to a system with a captured password hash (typically NTLM) instead of the cleartext password, so the hash never needs to be cracked.
Rogue Access Point: a malicious access point broadcasting the same SSID as the legitimate ones; once a client connects, the attacker can capture its data and do other things.
Evil Twin: similar in nature to a rogue access point but more automated. The attacker clones the legitimate access point's NIC information (SSID and MAC/BSSID) and, once a client connects, does what a rogue AP does.
WPS (Wi-Fi Protected Setup): a standard meant to make setting up a secure wireless home network easy, but poorly implemented (the 8-digit PIN is validated in two halves, so it can be brute-forced).
Bluejacking: sending unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones.
Bluesnarfing: theft of information over Bluetooth. Attackers do it by sneaking into mobile devices (smartphones, laptops, tablets, PDAs) whose Bluetooth connection has been left open by their owners.
NFC: near field communication can transfer files between two NFC-enabled devices over radio at very short range. If files can be transferred, malware can be transferred the same way.
In cryptography, a ciphertext-only attack (COA) or known ciphertext attack is an attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts. While the attacker has no channel providing access to the plaintext prior to encryption, in all practical ciphertext-only attacks the attacker still has some knowledge of the plaintext. For instance, the attacker might know the language in which the plaintext is written or the expected statistical distribution of characters in the plaintext.
Examples of protocols broken this way - WEP and PPTP (Point-to-Point Tunneling Protocol) with MPPE, both of which rely on RC4 and leak keystream through key/IV reuse.
A rainbow table is a precomputed table of hash chains used to reverse cryptographic hash functions, usually for cracking unsalted password hashes; it trades storage for lookup time. Salting defeats it, because the table would have to be rebuilt per salt.
A dictionary attack is a method of breaking into a password-protected computer or server by systematically trying every word in a wordlist (a "dictionary") as the password.
A brute force attack, also known as an exhaustive search, is an attack that tries every possible combination of the targeted password until the correct one is discovered.
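An added example (not from the original notes) contrasting the three password-cracking approaches on a toy space of 4-digit PINs hashed with unsalted MD5: a small rainbow table with position-dependent reduction functions, a dictionary attack, and a brute-force search. The chain parameters, wordlist and salt value are constructed for illustration.

```python
import hashlib
import itertools
import string

# Toy password space: 4-digit PINs, unsalted MD5. Small enough to build the
# table in well under a second; the technique is the same at real scale.
SPACE = 10_000
CHAIN_LEN = 50
N_CHAINS = 800


def h(password, salt=""):
    return hashlib.md5((salt + password).encode()).hexdigest()


def reduce_(digest, step):
    """Map a digest back into the password space. Making the function depend on
    the chain position is what turns a plain hash-chain table into a rainbow
    table: it limits chain merges and therefore wasted storage."""
    return f"{(int(digest[:8], 16) + step) % SPACE:04d}"


def build_table(n_chains=N_CHAINS, chain_len=CHAIN_LEN):
    """Precompute chains start -> h -> reduce -> h -> ... -> endpoint. Only
    (endpoint -> start points) is stored, chain_len times smaller than a
    full hash -> password lookup table."""
    table = {}
    for c in range(n_chains):
        start = f"{(c * 7919) % SPACE:04d}"   # deterministic start points
        p = start
        for step in range(chain_len):
            p = reduce_(h(p), step)
        table.setdefault(p, []).append(start)
    return table


def rainbow_lookup(table, target, chain_len=CHAIN_LEN):
    """Assume the target hash sits at position i of some chain, walk forward to
    that chain's endpoint, and if the endpoint is stored, regenerate the chain
    from its start to recover the password (false alarms are simply skipped)."""
    for i in range(chain_len - 1, -1, -1):
        p = reduce_(target, i)
        for step in range(i + 1, chain_len):
            p = reduce_(h(p), step)
        for start in table.get(p, []):
            q = start
            for step in range(chain_len):
                if h(q) == target:
                    return q
                q = reduce_(h(q), step)
    return None


def dictionary_attack(target, wordlist, salt=""):
    """Hash each candidate (with the victim's salt, if any) and compare. Salt
    does not stop this; it only forces the work to be redone per user."""
    for word in wordlist:
        if h(word, salt) == target:
            return word
    return None


def brute_force(target, length=4, alphabet=string.digits):
    """Exhaustive search: always succeeds, at a cost of len(alphabet) ** length."""
    for combo in itertools.product(alphabet, repeat=length):
        candidate = "".join(combo)
        if h(candidate) == target:
            return candidate
    return None


TABLE = build_table()

if __name__ == "__main__":
    print(rainbow_lookup(TABLE, h("7919")))               # recovered from the table
    print(rainbow_lookup(TABLE, h("7919", salt="u1:")))   # salted: table is useless
    print(dictionary_attack(h("1234", salt="u1:"), ["0000", "1111", "1234"], salt="u1:"))
    print(brute_force(h("0042")))
```

With 800 chains of length 50 the table stores 800 endpoints for a space of 10,000, and a lookup costs at most about chain_len squared over two hash operations. The salted lookup returns None because every chain only ever regenerates hashes of bare PINs; that is the whole reason per-user salts are required for stored passwords.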
Collision attack: finding two different inputs that produce the same hash value, which breaks the integrity guarantee of the hash.
Examples of weak or broken hashes - NTLM (MD4-based and unsalted), MD5 and SHA-1 (practical collisions have been demonstrated for both)
Therefore, for integrity and signatures one should use SHA-2 (SHA-256 or stronger) or SHA-3; for stored passwords use a salted, deliberately slow password-hashing function rather than any plain hash.
SSL 2.0 vs SSL 3.0
TLS 1.0 vs TLS 1.1 vs TLS 1.2
WEP vs WPA vs WPA2
TKIP vs CCMP
PPTP/MPPE vs L2TP/IPSec
RC4 vs RC5
DES vs 3DES vs AES (256-bit)