CompTIA Security+
SY0-501
CompTIA Security+
Domain 1 –
Threats, Attacks and Vulnerabilities
1.2 Compare and contrast types of attacks
Social Engineering
Definition:
● The process by which intruders gain access to facilities, network, systems,
data and even employees by exploiting the generally trusting nature of
people.
● The use of deception to manipulate individuals into divulging confidential or
personal information that may be used for fraudulent purposes.
● Offline / Physical (the attacker is on site)
○ Tailgating
○ Impersonation
○ Dumpster diving
○ Shoulder surfing
● Online / Remote (communications spoofing, covered on the next slides)
○ Phishing and its variants (spear phishing, whaling, vishing, SMiShing)
○ Hoaxes, watering hole attacks
Phishing Example (screenshot slide; image not reproduced)
Communications Spoofing
● Vishing (voice phishing): the fraudulent practice of making phone calls or
leaving voice messages purporting to be from reputable companies in order to
induce individuals to reveal personal information.
● Variants: SMiShing, the same lure delivered by SMS text message, typically
with a link or a number to call back.
Communications Spoofing
● Hoax: Malicious actors issuing false warnings (for example a fake virus
alert) to alarm users into taking a harmful action such as deleting files or
installing "fixes".
● Swatting: Fraudulent emergency calls to the police that report a fake
incident at the victim's address to send an armed response there.
● Watering Hole Attack: A security exploit in which
the attacker seeks to compromise a specific
group of end users by infecting websites that
members of the group are known to visit.
Principles (why social engineering works):
● Intimidation
● Trust
● Scarcity
● Reciprocity
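The spoofing slides above describe what a phishing lure looks like; the following is an added example (not from the slides) of turning those tells into a check: a lookalike sender domain, a Reply-To that differs from the sender, a link whose visible text names a different host than its target, and urgency wording that trades on intimidation or scarcity. The organisation domain `example.com` and both sample messages are constructed for the illustration.

```python
"""Heuristics for flagging a spoofed (phishing) e-mail. Added example; the
message text and the ORG_DOMAIN value are constructed, not from the slides."""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the organisation's legitimate domain


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted=ORG_DOMAIN):
    """True when domain is not the trusted one but imitates it, either through
    common character swaps (1/l, 0/o, rn/m) or by being within two edits."""
    domain = domain.lower()
    if domain == trusted:
        return False
    folded = domain.replace("1", "l").replace("0", "o").replace("rn", "m")
    return folded == trusted or edit_distance(domain, trusted) <= 2


def link_mismatches(html):
    """Anchors whose visible text shows one host while the href goes elsewhere."""
    mismatches = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = re.search(r"https?://([^/\s<]+)", text)
        real = re.search(r"https?://([^/\s]+)", href)
        if shown and real and shown.group(1).lower() != real.group(1).lower():
            mismatches.append((shown.group(1), real.group(1)))
    return mismatches


def analyse(raw_message):
    """Return a list of findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if is_lookalike(from_domain):
        findings.append(f"sender domain {from_domain} imitates {ORG_DOMAIN}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        findings.append(f"Reply-To {reply_to} does not match sender domain")
    body = msg.get_payload()
    for shown, real in link_mismatches(body):
        findings.append(f"link shows {shown} but points to {real}")
    if re.search(r"\b(urgent|immediately|within 24 hours|suspended)\b", body, re.I):
        findings.append("pressure/urgency wording (intimidation, scarcity)")
    return findings


# Constructed sample messages (not real mail).
PHISH = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: payroll@mail-examp1e.net
Subject: Urgent: verify your account
Content-Type: text/html

<p>Your account will be suspended. Log in immediately at
<a href="http://login.examp1e.net/auth">https://portal.example.com/login</a></p>
"""

CLEAN = """From: Jane Doe <jane.doe@example.com>
Subject: Lunch
Content-Type: text/html

<p>Agenda: <a href="https://portal.example.com/x">https://portal.example.com/x</a></p>
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(name, analyse(sample))
```

A Reply-To on a different domain is a weak signal on its own (mailing lists and ticketing systems do it legitimately); it is the combination with a lookalike sender and a mismatched link that should trigger a report.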
Sample question
A user contacts you suspecting that his computer is
infected. Yesterday he opened an email that looked like
it was from a colleague. When he later talked to that
person, she said she never sent an email. What type of
attack is most likely the cause of the infection?
A. Phishing
B. Trojan
C. Spear phishing
D. Whaling
Sample question
You observe a delivery person entering your building
by following an employee through a locked door into
a secure facility. Which term best describes this type
of attack?
A. Shoulder surfing
B. Reciprocity
C. Tailgating
D. Whaling
Attack Types
● Social engineering: Phishing; Spear phishing; Whaling; Vishing; Tailgating;
Impersonation; Dumpster diving; Shoulder surfing
● Application/service attacks: Buffer overflow; Injection; Cross-site scripting;
Cross-site request forgery; Privilege escalation; Impersonation/Masquerading;
Replay; Driver manipulation (Shimming; Refactoring); Zero-Day (0-Day)
Exploits
● Cryptographic attacks: Birthday; Known plain text/cipher text; Rainbow tables;
Dictionary; Brute force; Pass the hash
● Hijacking and related attacks: Clickjacking; Session hijacking; URL hijacking
(Typo squatting); MAC spoofing; IP spoofing
● Network / Wireless Attacks: DoS; DDoS; Man-in-the-middle; Amplification;
DNS poisoning; Domain hijacking; ARP poisoning; Initialization Vector (IV);
Evil twin; Rogue AP; Jamming; Bluejacking
Application Attacks
● Buffer overflow
● Injection
● Cross-site scripting (XSS)
● Cross-site request forgery (CSRF or XSRF)
● Privilege escalation
https://www.owasp.org/index.php/Top_10-2017_Top_10
Application Attacks –
Buffer overflow
Supplying more data to an input field or buffer than the program reserved for
it, so the excess overwrites adjacent memory. The result ranges from a crash
(DoS) to control of execution if the attacker can overwrite a return address
or function pointer.
Application Attacks –
Privilege Escalation
The act of exploiting a bug, design flaw or configuration
oversight in an operating system or software
application to gain elevated access to resources that
are normally protected from an application or user.
Vertical escalation moves from an ordinary user to administrator/root;
horizontal escalation reaches another user's data at the same privilege level.
Application Attacks –
Prevention & Response
● Good coding practices – See OWASP
● Filter and validate any user input
● Use a Web Application Firewall (WAF)
● Build security into the Software Development
Life Cycle (SDLC)
● Have an incident response plan in place
Application Attacks –
Zero-Day (0-Day) Exploits
● An exploit for a vulnerability the vendor does not yet know about, so no
patch exists when it is first used.
● Example: Stuxnet
● Prevention (no patch is available yet, so rely on compensating controls):
○ Defense in depth;
○ Patch promptly once a fix is released;
○ Keep AV up-to-date
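The "Injection" item in the application attack list and the "Filter and validate any user input" control above are easiest to see side by side. The following is an added example, not material from the slides: a login query built by string concatenation, the tautology payload that bypasses it, and the parameterized form that treats the same input as data. The user table, credentials and the allowlist pattern are constructed for the illustration; the database is Python's bundled SQLite.

```python
"""SQL injection: vulnerable query, the bypass, and the parameterized fix.
Added example using an in-memory SQLite database with constructed rows."""
import re
import sqlite3


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "correct horse battery", "admin"),
        ("bob", "hunter2", "user"),
    ])
    return con


def login_vulnerable(con, username, password):
    """Concatenation: whatever the user types becomes part of the SQL text."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return con.execute(sql).fetchone()


def login_safe(con, username, password):
    """Placeholders: the driver passes the values separately from the statement,
    so quotes, OR and -- inside the input are compared literally, not parsed."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")  # constructed allowlist


def valid_username(username):
    """Input validation as a second layer: reject anything outside the allowlist
    before it reaches the query at all (parameterization is still required)."""
    return USERNAME_RE.fullmatch(username) is not None


# Constructed attack inputs.
TAUTOLOGY = "' OR '1'='1"   # turns WHERE ... AND password = '' OR '1'='1' into true
COMMENT_OUT = "alice' --"   # ends the string and comments out the password check

if __name__ == "__main__":
    con = make_db()
    print("vulnerable, tautology:", login_vulnerable(con, "nobody", TAUTOLOGY))
    print("vulnerable, comment:  ", login_vulnerable(con, COMMENT_OUT, "wrong"))
    print("safe, tautology:      ", login_safe(con, "nobody", TAUTOLOGY))
    print("safe, real creds:     ", login_safe(con, "bob", "hunter2"))
    print("allowlist rejects:    ", valid_username(COMMENT_OUT))
```

Because SQL evaluates AND before OR, the tautology payload makes the WHERE clause true for every row and the vulnerable login returns the first one, which here is the admin account. The safe version returns nothing for the same input; a WAF may catch the common payloads but is not a substitute for the placeholder.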
Driver manipulation
● Shimming: inserting a compatibility layer (shim) between an application
and the driver or OS and abusing it to intercept or alter calls.
● Refactoring: rewriting or modifying driver code so that malicious behaviour
is hidden inside a driver that still appears to work normally.
Cryptographic attacks
See section on Cryptography
Cryptographic attacks
Password attacks:
● Dictionary: systematically trying each word in a wordlist (and common
variations) as the password.
● Brute force: systematically attempting all possible combinations of
letters, numbers, and symbols. Usually automated; cost grows exponentially
with password length.
● Rainbow tables: password hashes are precomputed in advance (stored as hash
chains to save space) and looked up against the stolen password database.
Only works against unsalted hashes, because a per-user salt changes every
hash the table would have to contain.
● Pass the hash: an attacker authenticates to a remote server or service
with a captured password hash (for example an NTLM hash taken from memory or
from network traffic) without ever knowing or cracking the password, because
the protocol uses the hash itself as the secret.
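The four password attacks above, as an added example that is not part of the slides: a dictionary attack, a brute-force search, a precomputed lookup table (and why a salt defeats it), and a pass-the-hash login against a challenge-response scheme. The wordlist and passwords are constructed; the challenge-response uses HMAC-SHA256 as a stand-in for NTLM's construction, the point being only that the stored hash is the key.

```python
"""Password-attack mechanics. Added example; wordlist and passwords are
constructed, and the challenge-response is a simplified NTLM-like scheme."""
import hashlib
import hmac
import itertools
import os
import string


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed wordlist standing in for a real one such as rockyou.txt.
WORDLIST = ["password", "letmein", "qwerty", "hunter2", "summer2019"]


def dictionary_attack(target_hash, words=WORDLIST):
    """Try each candidate word; cost is one hash per word."""
    for word in words:
        if sha256_hex(word) == target_hash:
            return word
    return None


def brute_force(target_hash, alphabet=string.ascii_lowercase, max_len=4):
    """Try every string up to max_len; cost grows as len(alphabet) ** n."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            guess = "".join(combo)
            if sha256_hex(guess) == target_hash:
                return guess
    return None


# Precomputed lookup table (hash -> password), built once and reused against
# every dump. A real rainbow table stores hash chains rather than every pair to
# save space, but the limitation is the same: it only matches unsalted hashes.
TABLE = {sha256_hex(w): w for w in WORDLIST}


def table_lookup(target_hash):
    return TABLE.get(target_hash)


def hash_salted(password, salt):
    """Per-user random salt: the same password hashes differently per user, so a
    single precomputed table no longer applies."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Pass-the-hash. Modelled on NTLM challenge-response, where the stored password
# hash is the key used to answer the server's challenge (HMAC-SHA256 here in
# place of NTLM's HMAC-MD5). Holding the hash is enough to log in; the password
# itself never has to be recovered.
def challenge_response(password_hash, challenge):
    return hmac.new(password_hash, challenge, hashlib.sha256).hexdigest()


def server_accepts(stored_hash, challenge, response):
    return hmac.compare_digest(challenge_response(stored_hash, challenge), response)


def pass_the_hash_demo():
    stored = hashlib.sha256(b"correct horse battery").digest()  # victim's stored hash
    stolen = stored  # attacker dumped it from memory or captured it on the wire
    challenge = os.urandom(8)
    return server_accepts(stored, challenge, challenge_response(stolen, challenge))


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(sha256_hex("hunter2")))
    print("brute force:", brute_force(sha256_hex("cat")))
    print("table, unsalted:", table_lookup(sha256_hex("qwerty")))
    print("table, salted:", table_lookup(hash_salted("qwerty", os.urandom(16))))
    print("pass the hash accepted:", pass_the_hash_demo())
```

The defensive lessons follow directly: a unique salt per user removes the table attack, a deliberately slow hash (PBKDF2, bcrypt, scrypt, Argon2) multiplies the cost of dictionary and brute-force attempts, and pass-the-hash is stopped not by hashing choices but by keeping hashes out of reach (credential isolation, no shared local admin passwords, limiting where privileged accounts log in).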
Sample question
During a breach investigation, you notice that the attacker
entered the database through a web front end application
by manipulating the database code to exploit a
vulnerability. What is the most likely name for this type of
attack?
A. SQL parsing
B. Database injection
C. SQL injection
D. Session hijacking
Sample question
Which of the following type of attack is the result of
software vulnerabilities and is caused by supplying
more data than is expected in an input field?
Sample question
Which form of attack uses special programs that attempt
all possible character combinations to determine
passwords?
A. brute-force attack
B. dictionary attack
C. password guessing
D. birthday attack
Man-in-the-Middle Attacks
● An attack where the attacker secretly relays and
possibly alters the communication between two parties
who believe they are directly communicating with each
other.
● The attacker may either observe (confidentiality attack)
or alter (integrity attack)
Amplification Attacks
● The attacker sends small requests, with the source address spoofed to be
the victim's, to servers that answer with much larger responses. The servers
(reflectors) deliver those responses to the victim, so the attacker's
bandwidth is multiplied and the victim's link is congested.
● The ratio of response size to request size is known as the amplification
factor, and high numbers are possible with UDP based protocols (no handshake,
so the source address can be spoofed) such as NTP, CharGen, and DNS.
● Usually employed as a part of a DDoS attack
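One way to put the amplification factor to work on the defensive side, as an added example that is not part of the slides: aggregate flow records per UDP service and flag the services whose aggregate response/request byte ratio exceeds a threshold, which is how a network team finds reflectors it is unintentionally hosting. The flow lines, addresses and byte counts below are constructed, not measurements.

```python
"""Flag reflection/amplification candidates in flow records. Added example;
the flow log is constructed (documentation addresses, made-up byte counts)."""
from collections import defaultdict

# Constructed NetFlow-like lines, one flow each:
# proto src dst dst_port bytes_sent bytes_received (from the client's side)
FLOW_LOG = """\
udp 203.0.113.7 198.51.100.53 53 64 3200
udp 203.0.113.7 198.51.100.53 53 64 3100
udp 203.0.113.7 198.51.100.123 123 234 4808
udp 203.0.113.7 198.51.100.19 19 60 1024
tcp 203.0.113.7 198.51.100.80 443 1500 1400
udp 203.0.113.7 198.51.100.53 53 70 90
"""


def parse_flows(text):
    """Yield one dict per non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        proto, src, dst, port, sent, recv = line.split()
        yield {"proto": proto, "src": src, "dst": dst, "port": int(port),
               "sent": int(sent), "recv": int(recv)}


def amplification_by_service(flows):
    """Aggregate bytes per (proto, dst_port) and return response/request ratio,
    i.e. the amplification factor an attacker would get from that service."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        totals[(f["proto"], f["port"])][0] += f["sent"]
        totals[(f["proto"], f["port"])][1] += f["recv"]
    return {svc: recv / sent for svc, (sent, recv) in totals.items()}


def reflection_candidates(flows, threshold=10.0):
    """UDP services whose factor is at least threshold. TCP is excluded because
    the handshake prevents the source address from being spoofed, so responses
    cannot be redirected at a victim."""
    return {svc: round(factor, 1)
            for svc, factor in amplification_by_service(flows).items()
            if svc[0] == "udp" and factor >= threshold}


if __name__ == "__main__":
    for svc, factor in reflection_candidates(list(parse_flows(FLOW_LOG))).items():
        print(f"{svc[0]}/{svc[1]}: amplification factor {factor}x")
```

A factor near 1 on a UDP service is normal; a factor in the tens on DNS (ANY queries), NTP (monlist) or CharGen is the signature of a reflector, and the fix is on the server side (disable the feature, rate-limit responses) plus source-address filtering at the network edge.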
Domain Hijacking /
DNS Poisoning / DNS Spoofing
● AKA Resolution Attacks
● Poisoning: When an attacker alters the domain-name-to-IP-address mappings
held in a DNS server's cache or zone data to redirect traffic to a rogue
system or perform a DoS attack.
● Spoofing: When an attacker sends false replies to a requesting system in
place of a valid DNS response, racing the legitimate server.
● Domain hijacking: Taking over the registration of the domain name itself
(for example through the registrar account), so the attacker controls the
authoritative records rather than one resolver's cache.
Wireless Attacks
● Evil twin: A rogue wireless access point poses
as a legitimate wireless service provider to intercept
information that users transmit
● Rogue AP: Any wireless access point added to your
network that has not been authorized
● Initialization Vector (IV): an arbitrary number used together with a
secret key for data encryption so that the same key produces different
keystreams for different packets. Like a nonce, an IV must never be reused
with the same key. WEP's IV is only 24 bits long and is sent in the clear,
so on a busy network IVs repeat within hours; the repeated RC4 keystream
lets an attacker recover plaintext and ultimately the key.
● Jamming: Causing interference with a wireless signal.
● Bluejacking: Sending unsolicited messages to a nearby Bluetooth device
(a nuisance rather than data theft).
● Bluesnarfing:
○ The gaining of unauthorized access through
a Bluetooth connection
○ Intercepting data through a Bluetooth
connection
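The IV bullet above says reuse is fatal for a stream cipher such as WEP's RC4; the following added example (not from the slides) shows why. It encrypts two packets under the same WEP key and the same IV and recovers the second plaintext from the two ciphertexts plus the first plaintext, then estimates how many packets a 24-bit IV space lasts before a repeat is expected. The key, IV and packet contents are constructed; the RC4 routine is a straightforward implementation of the public algorithm.

```python
"""Why IV reuse breaks WEP: identical keystream, so c1 ^ c2 = p1 ^ p2.
Added example with a constructed key, IV and packets."""
import math


def rc4_keystream(key, length):
    """Plain RC4: key-scheduling algorithm, then the PRGA output bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key, iv, plaintext):
    """WEP per-packet key is IV (3 bytes, sent in the clear) || shared key."""
    keystream = rc4_keystream(iv + wep_key, len(plaintext))
    return iv, xor_bytes(plaintext, keystream)


def recover_from_iv_reuse(c1, c2, known_p1):
    """Two packets with the same IV share a keystream K, so
    c1 ^ c2 = (p1 ^ K) ^ (p2 ^ K) = p1 ^ p2; knowing p1 reveals p2."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def packets_until_reuse_expected(iv_bits=24):
    """Birthday bound: a repeat among randomly chosen IVs is expected after
    about 1.18 * sqrt(2 ** iv_bits) packets (roughly 4,800 for WEP's 24 bits).
    A sequential IV counter instead repeats for certain after 2 ** iv_bits."""
    return int(1.18 * math.sqrt(2 ** iv_bits))


# Constructed values.
WEP_KEY = b"\x0b\xad\xc0\xff\xee"     # 40-bit shared key
IV = b"\x01\x02\x03"                  # the reused 24-bit IV
P1 = b"attack at dawn!!"              # known plaintext (e.g. a predictable header)
P2 = b"retreat at dusk!"              # the packet the attacker wants

if __name__ == "__main__":
    _, c1 = wep_encrypt(WEP_KEY, IV, P1)
    _, c2 = wep_encrypt(WEP_KEY, IV, P2)
    print("recovered:", recover_from_iv_reuse(c1, c2, P1))
    print("packets until an IV repeat is likely:", packets_until_reuse_expected())
```

Known plaintext is easy to come by on a wireless LAN (fixed LLC/SNAP and IP header bytes), and the real attacks go further than this: enough packets with weak IVs leak the key itself, which is why WEP is considered broken rather than merely weak.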
Sample question
Of the terms below, which one best describes the
type of attack that captures portions of a session to
play back later to convince a host that it continues to
communicate with the original system?
A. IP hijacking
B. Jamming
C. Trojan
D. Replay
Sample question
A user calls you from a hotel saying there is an issue
with your organization's web site and that it looks like
it has been compromised. You check it from your office
and it appears fine. What is a likely cause associated
with the user at the hotel?
A. Logic bomb
B. DNS Poisoning
C. Trojan horse
D. Evil twin