Scribd
Upload
4 views

Lecture 3

3محاضرة القرصنة الأخلاقية

Uploaded by

bisho0323
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
4 views

Lecture 3

3محاضرة القرصنة الأخلاقية

Uploaded by

bisho0323
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Reconnaissance

and Footprinting
[Social
Engineering]

Lecture 3
Lecture Objectives
• Define What is social engineering
• Understand Social engineering attack techniques
• Perform Social engineering attack by using SEToolkit

CYB234_Lectuer#3 2
What is social engineering
• Social engineering refers to all techniques aimed at talking a target
into revealing specific information or performing a specific action for
illegitimate reasons.

CYB234_Lectuer#3 3
Social engineering attack techniques
• Phishing Attacks
▪ DNS Spoofing and Cache Poisoning Attacks
▪ Scareware Attacks
▪ Watering hole attacks
▪ Physical social engineering
▪ USB baiting

CYB234_Lectuer#3 4
Phishing Attacks
• Phishing attackers pretend to be a trusted institution or individual in
an attempt to persuade you to expose personal data and other
valuables.
• Voice phishing (vishing)
• SMS phishing (smishing)
• Email phishing
• Angler phishing
• Search engine phishing
• URL phishing

CYB234_Lectuer#3 5
DNS Spoofing and Cache Poisoning Attacks
• DNS spoofing manipulates your browser and web servers to travel to
malicious websites when you enter a legitimate URL. Once infected
with this exploit, the redirect will continue unless the inaccurate
routing data is cleared from the systems involved.
• DNS cache poisoning attacks specifically infect your device with
routing instructions for the legitimate URL or multiple URLs to
connect to fraudulent websites.

CYB234_Lectuer#3 6
Scareware Attacks
• Scareware is a form of malware used to frighten you into taking an
action. This deceptive malware uses alarming warnings that report
fake malware infections or claim one of your accounts has been
compromised.

CYB234_Lectuer#3 7
Watering hole attacks
• Watering hole attacks infect popular webpages with malware to
impact many users at a time. It requires careful planning on the
attacker’s part to find weaknesses in specific sites. They look for
existing vulnerabilities that are not known and patched — such
weaknesses are deemed zero-day exploits .

CYB234_Lectuer#3 8
Physical social engineering
• Certain people in your organization--such as help desk staff,
receptionists, and frequent travelers--are more at risk from physical
social engineering attacks, which happen in person.
• The organization should have effective physical security controls such
as visitor logs, escort requirements, and background checks.
• Employees in positions at higher risk for social-engineering attacks
may benefit from specialized training from physical social engineering
attacks.
• Example: Tailgating Attacks
• Tailgating , or piggybacking, is the act of trailing an authorized staff member
into a restricted-access area
CYB234_Lectuer#3 9
Baiting
• Baiting abuses your natural curiosity to coax you into exposing
yourself to an attacker. Typically, potential for something free or
exclusive is the manipulation used to exploit you. The attack usually
involves infecting you with malware.
• Popular methods of baiting can include:
• USB drives left in public spaces, like libraries and parking lots.
• Email attachments including details on a free offer, or fraudulent free
software.

CYB234_Lectuer#3 10
Active Reconnaissance Techniques
• In the Passive reconnaissance the attacker is not actually connecting
to the target system, it is impossible for an intrusion detection system
(IDS) to detect the scan.
• Active scans are far more reliable but may be detected by the target
system.
• There are a few types of active scans,
• Port Scanning
• Enumeration
• Wireshark
• Maltego
• OSINT Tools
CYB234_Lectuer#3 11
Lab3
SEToolKit

You might also like