Social Engineering Attacks
摘要
Cyber-attacks and exploits are more prevalent. Comprehending the techniques of threat actors is essential for emulating them and enhancing one's skills as a penetration tester. This chapter addresses the predominant categories of attacks and exploits. The narrative commences by detailing assaults on the most vulnerable component, namely the human aspect. These assaults are referred to as social engineering attacks. Social engineering has served as the primary attack vector for numerous breaches and compromises in recent years. This subject covers numerous social engineering attacks, including phishing, vishing, pharming, spear phishing, whaling, and others. You will also acquire knowledge of social engineering techniques including elicitation, questioning, and mimicry, along with various motivational strategies (or ways of persuasion). You will also learn about shoulder surfing and how attackers exploit the “USB key drop” tactic to deceive users into installing malware and compromising their devices.