Social engineering attacks and their types:
Social engineering attacks are used to gain access to a system and carry out actions that reveal the user's confidential information. They trick the user into breaking security procedures so that the attacker gains access to the system. There are different types of social engineering attacks, such as:
- Phishing – The attacker creates a look-alike fake website and acquires personal and bank details through it. Customers are targeted through email and other means.
- Spear phishing – Similar to phishing, but the target is narrowed to a specific group.
- Vishing – An attack that uses the phone as its medium.
- Pretexting – Based on a scripted scenario and used to extract PII; the attacker impersonates a person known to the victim.
- Baiting – Attacks delivered through download links, infected USB drives, etc.
Denial of Service attack vs. Distributed Denial of Service attack:

| # | DoS | DDoS |
|---|-----|------|
| 1 | In DoS, the attacker uses a single computer and Internet connection to flood the target resource. | In DDoS, the attacker uses multiple computers and Internet connections to flood the target resource. |
| 2 | DoS attacks are launched using scripts or DoS tools. | DDoS attacks are launched from botnets. |
| 3 | DoS can be traced back easily since it uses only one IP. | DDoS is difficult to trace back and mounts a more massive attack than DoS. |
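The table's first and third rows (one source versus many sources, and how easily the flood can be traced) are exactly what a defender looks at in server logs. The following Python is an added example, not part of the original notes: it groups constructed access-log lines into one-second windows, counts requests per source IP, and labels a window as a single-source flood when one IP dominates or as a distributed flood when the requests are spread across many IPs. The log format, the 100 requests/second threshold and the 80% dominance share are assumptions chosen for the example.

```python
from collections import Counter, defaultdict

# Constructed sample access-log lines: "<timestamp to the second> <source ip> <request>".
# Synthetic data built for this example, not a real capture. Three one-second
# windows: normal traffic, a flood from one host, and a flood from many hosts.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:00 192.0.2.{i} GET /index.html" for i in range(1, 9)]
    + [f"2024-05-01T10:00:01 198.51.100.7 GET /index.html" for _ in range(120)]
    + [f"2024-05-01T10:00:02 203.0.113.{i} GET /index.html" for i in range(1, 121)]
)


def windows_by_second(lines):
    """Group log lines into {timestamp: Counter(source_ip -> request count)}."""
    windows = defaultdict(Counter)
    for line in lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # ignore malformed lines instead of failing on them
        timestamp, source_ip = parts[0], parts[1]
        windows[timestamp][source_ip] += 1
    return windows


def classify_window(counts, rate_threshold=100, single_source_share=0.8):
    """Classify one window of per-source request counts.

    rate_threshold:      requests per second above which the window is a flood
                         (assumed policy value for this example)
    single_source_share: if one IP sends at least this share of the requests the
                         flood is single-source (DoS-like); otherwise it is
                         distributed (DDoS-like)
    """
    total = sum(counts.values())
    if total < rate_threshold:
        return "normal"
    top_ip, top_count = counts.most_common(1)[0]
    if top_count / total >= single_source_share:
        # One address dominates: easy to block and to trace, as row 3 says.
        return f"single-source flood (DoS-like) from {top_ip}"
    # Requests spread over many addresses: blocking one IP does nothing.
    return f"distributed flood (DDoS-like) from {len(counts)} sources"


def analyse_log(lines, **thresholds):
    """Return {timestamp: verdict} for every one-second window in the log."""
    return {
        ts: classify_window(counts, **thresholds)
        for ts, counts in windows_by_second(lines).items()
    }


if __name__ == "__main__":
    for ts, verdict in sorted(analyse_log(SAMPLE_LOG).items()):
        print(ts, verdict)
```

The share threshold matters in practice: a real botnet can contain a few large contributors, so a window with one IP at 60% and two hundred others sharing the rest is still distributed, and rate limiting by IP alone will not stop it.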
Exploiting or hacking a valid computer session to gain unauthorized access to its information or services is known as session hacking, also called session hijacking. The most common method is IP spoofing, where the attacker uses source-routed IP packets to insert commands for the attack. There are different ways of session hijacking, such as packet sniffing, cross-site scripting, IP spoofing and blind attacks.
Levels & tools of session hijacking:
There are two levels of session hijacking:
- Network level hijacking
  - TCP session
  - UDP session
- Application level hijacking
  - HTTP session
There are several session hijacking tools, such as Burp Suite, Firesheep, Surf Jack, Ettercap, Cookie Catcher and so on.
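Application-level (HTTP session) hijacking by packet sniffing or cross-site scripting, as described above, works because the session identifier can be captured and then replayed. The following Python is an added example, not code from the original notes or from any of the tools listed: it is a minimal in-memory session store showing the three countermeasures a web application relies on, namely unpredictable session IDs, a fresh ID issued at login so a pre-authentication ID is useless afterwards, and idle expiry so a captured ID stops working, plus the cookie attributes that keep the ID off plaintext HTTP and away from script. The cookie name, the 30-minute idle timeout and the injectable clock are assumptions made for the example.

```python
import secrets
import time

SESSION_TTL_SECONDS = 1800  # assumed idle timeout for this example


class SessionStore:
    """In-memory session store with anti-hijacking properties.

    The clock is injectable so the expiry logic can be tested deterministically.
    """

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock

    def create(self, user=None):
        # 32 random bytes from the OS CSPRNG: an attacker cannot guess or
        # enumerate IDs, so only capture (sniffing, XSS) remains as a vector.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "last_seen": self._clock()}
        return sid

    def validate(self, sid):
        """Return the session record, or None if the ID is unknown or expired."""
        record = self._sessions.get(sid)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > self._ttl:
            # A sniffed ID is only useful while the session is alive; idle
            # expiry bounds that window.
            del self._sessions[sid]
            return None
        record["last_seen"] = now
        return record

    def rotate_on_login(self, old_sid, user):
        """Issue a fresh ID when the user authenticates.

        Any ID captured (or planted) before login, even if it was valid,
        no longer maps to the authenticated session.
        """
        self._sessions.pop(old_sid, None)
        return self.create(user)


def set_cookie_header(sid, name="sid"):
    """Build the Set-Cookie header for the session ID.

    Secure:          never sent over plaintext HTTP, which defeats passive sniffing
    HttpOnly:        not readable from JavaScript, which blunts cookie theft via XSS
    SameSite=Strict: not attached to cross-site requests
    """
    return f"{name}={sid}; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    store = SessionStore()
    anonymous = store.create()
    logged_in = store.rotate_on_login(anonymous, "alice")
    print("old id still valid?", store.validate(anonymous) is not None)
    print(set_cookie_header(logged_in))
```

Network-level hijacking (TCP/UDP) is not addressed by anything in this block; that layer is protected by running the session inside TLS, so that a captured or injected segment carries nothing the attacker can read or forge.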
Web hacking techniques:
There are several web hacking techniques, such as:
- FREAK (Factoring Attack on RSA-Export Keys) – The attacker makes the user connect to servers using weaker encryption.
- LogJam – A man-in-the-middle attack in which the attacker alters the information passing between the two parties.
- Web timing attacks – The attacker analyses the cryptographic algorithms in use and then carries out the attack.
- Illusory TLS – This attack exploits the security architecture of the system through CA certificates.
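FREAK and LogJam both succeed only when the server is still willing to negotiate weak parameters, so the practical defence is a configuration check. The following Python is an added example, not part of the original notes: it takes a server's offered cipher suite list and its ephemeral Diffie-Hellman parameter size and reports whether export-grade RSA suites (the FREAK condition) or short DH parameters (the LogJam condition) are present, comparing a deliberately weak configuration with a hardened one. The suite names follow OpenSSL and IANA conventions; the 2048-bit minimum and the two sample configurations are assumptions made for the example.

```python
MIN_DH_BITS = 2048  # assumed policy minimum for ephemeral DH parameters


def is_export_suite(name):
    """True for export-grade suites in OpenSSL ("EXP-...") or IANA ("..._EXPORT_...") naming."""
    upper = name.upper()
    return upper.startswith("EXP") or "_EXPORT" in upper


def uses_ephemeral_dh(name):
    """True for finite-field DHE suites (not ECDHE), which depend on the DH parameter size."""
    upper = name.upper()
    return upper.startswith(("DHE-", "EDH-")) or "_DHE_" in upper


def assess_tls_config(cipher_suites, dh_param_bits, min_dh_bits=MIN_DH_BITS):
    """Return a list of findings; an empty list means neither weakness is present."""
    findings = []
    export_suites = [s for s in cipher_suites if is_export_suite(s)]
    if export_suites:
        findings.append(
            "FREAK: export-grade suites offered: " + ", ".join(export_suites)
        )
    if any(uses_ephemeral_dh(s) for s in cipher_suites) and dh_param_bits < min_dh_bits:
        findings.append(
            f"Logjam: ephemeral DH parameters are {dh_param_bits} bits (< {min_dh_bits})"
        )
    return findings


# Constructed sample configurations for the example (not taken from any real server).
WEAK_CONFIG = {
    "ciphers": ["EXP-RC4-MD5", "DHE-RSA-AES128-SHA", "AES128-SHA"],
    "dh_bits": 512,
}
HARDENED_CONFIG = {
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384"],
    "dh_bits": 2048,
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, assess_tls_config(cfg["ciphers"], cfg["dh_bits"]) or ["ok"])
```

In an OpenSSL-based server the two findings correspond to excluding `EXPORT` from the cipher string (for example a `!EXPORT` term) and generating DH parameters of at least 2048 bits for the server's DH parameter file.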