Lesson 02 - Technical Aspects of Hacking
Social Engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
Here are two practical hands-on implementations of Social Hacking :
There are a lot of Social Engineering Attack techniques!
One of the most common among them is called Phishing.
Phishing is a form of fraud in which an attacker masquerades (fakes identity) as a reputable entity or person in email or other communication channels. The attacker uses phishing emails (fake emails) to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims. Phishing is popular with cyber criminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate phishing email than trying to break through a computer's defenses.
Let's take a quick look at what Phishing is :
Worried about how to prevent your accounts/systems from getting hacked?
Here are a few tips :
Interested to read more on the various Social Engineering Attacks? Click here.
Watch this Ted(x) Talk on Social Engineering :
------------------------------------------------------------------------------------------------------
When a criminal is trying to hack an organization, they'll draw upon common types of hacking techniques that are known to be highly effective, such as malware, phishing, or cross-site scripting (XSS). There are similar strategies and tactics that most hackers follow.
Here’s an overview of some of the most common types of attacks seen today :
Malware (Bait and Switch)
“Malware” refers to various forms of harmful software, such as viruses and ransomware. Once malware is in your computer, it can wreak all sorts of havoc, from taking control of your machine to monitoring your actions and keystrokes to silently sending all sorts of confidential data from your computer or network to the attacker's home base.
Attackers will use a variety of methods to get malware into your computer, but at some stage, it often requires the user to take any action to install the malware. This can include clicking a link to download a file, or opening an attachment that may look harmless (like a Word document or PDF attachment), but actually has a malware installer hidden within.
Read more about Malware Attacks here.
Cookie Theft
The cookies of a browser keep our personal data such as browsing history, username, and passwords for different sites that we access. Once the hacker gets access to your cookie, they can even authenticate themselves as you on a browser. A popular method to carry out this attack is to encourage a user’s IP packets to pass through the attacker’s machine.
Also known as SideJacking or Session Hijacking, this attack is easy to carry out if the user is not using SSL (https) for the complete session. Notice the URL of the websites you visit. If it says http and not https, then your connection to that website isn't fully secure.
Denial of Service/Distributed Denial of Service (DoS/DDoS)
A Denial of Service attack is a hacking technique to take down a site or server by flooding that site or server with a lot of traffic that the server is unable to process all the requests in the real-time and finally crashes down. This popular technique, the attacker floods the targeted machine with tons of requests to overwhelm the resources, which, in turn, restrict the actual requests from being fulfilled.
For DDoS attacks, hackers often deploy botnets or zombie computers which have got the only work to flood your system with request packets. With each passing year, as the malware and types of hackers keep getting advanced, the size of DDoS attacks keeps getting increasing.
Read more about how DDoS Attack works here.
SQL Injection Attack
An SQL injection attack works by exploiting any one of the known SQL (a programming language used to communicate with databases) vulnerabilities that allow the SQL server to run malicious code. For example, if a SQL server is vulnerable to an injection attack, it may be possible for an attacker to go to a website's search box and type in code that would force the site's SQL server to dump all of its stored usernames and passwords for the site.
Read more about SQL Injection Attacks here.
We will look at more types of Hacking a litter later in the workshop!
If you are curious, here are a few resources :
Comments
Post a Comment