Penetration Test - Select Your Attacks(1)

Remote Social Engineering

SOCIAL ENGNEERING
  • Tricking or coercing people into violating security policy
  • Depends on willingness to be helpful
  • Human weaknesses can be leveraged
  • May rely on technical aspects
  • Bypasses access controls and most detection controls
PHISHING
  • Phishing - people are contacted by a seemingly legitimate imposter in an attempt to extract sensitive information
    • Spear phishing
    • SMS phishing
    • Voice phishing
    • Whaling
QUICK REVIEW
  • Social engineering is all about getting an authorized user to do your dirty work
  • Relies on most peoples' willingness to be helpful
  • Successful social engineering can bypass nearly all technical controls
  • Phishing is attempting to get a valid user to click on a link to your exploit
上一篇:脑机接口国内外公司及核心期刊


下一篇:秃顶顶少年团-冲刺日志(第5天)