Mistakes in Social Media and Social Networking

Social media can be made safer if you take simple steps to strengthen your accounts. In fact, it has been found in many cases that with a little care and effort, you can lessen or avoid many common security issues and risks. You can reuse some of the guidance from earlier chapters and apply it …

What Is Social Networking?

Over the last decade, some of the biggest security threats have come from the use of social networking. The rapid growth of these technologies lets millions of users each day post on Facebook, Twitter, and many other networks. What type of information are they posting? ■ Personal information ■ Photos ■ Location information ■ Friend …

Common Targets of Social Engineering

An attacker will look for targets of opportunity or potential victims who have the most to offer. Some common targets include receptionists, help desk personnel, users, executives, system administrators, and outside vendors. Let’s look at each and see why this is. Receptionists—one of the first people visitors see in many companies—represent prime targets. They see …

What Is the Impact of Social Engineering?

Social engineering can have many potential outcomes for an organization, some obvious and some less so. It is important that you understand each of these, because they can have far-reaching effects: Economic Loss: This one is fairly obvious. A social engineer may cause a company or organization to lose money through deception, lost productivity, or …

Social-engineering Phases

Social engineering, like the other attacks we have explored in this book, consists of multiple phases, each designed to move the attacker one step closer to the ultimate goal. Let’s look at each of these phases and how the information gained from one leads to the next: 1. Gather information and details about a target …

Why Is Social Engineering Successful?

Why has social engineering been successful, and why will it continue to be so? To answer this, you must first understand why it works and what this means to you as a pentester. Going after the human being instead of the technology works for a number of reasons: Trust: Human beings are a trusting lot. …

What Is Social Engineering?

Social engineering is a term that is widely used but poorly understood. It’s generally defined as any type of attack that is nontechnical in nature and that involves some type of human interaction with the goal of trying to trick or coerce a victim into revealing information or violating normal security practices. Social engineers are …

Sniffing Tools

Sniffing tools are extremely common applications. A few interesting ones are: Wireshark: One of the most widely known and used packet sniffers. Offers a tremendous number of features designed to assist in the dissection and analysis of traffic. TCPdump: A well-known command-line packet analyzer. Provides the ability to intercept and observe TCP/IP and other packets …