Social Engineering attacks and its types:
Social engineering attacks is used to gain access to the system and carry out actions that reveal confidential/secret information of the user. It makes the user break the security procedures and tricks to gain access to the system. There are different types of social engineering attacks such as-
- Phishing – Attackers create a similar fake website and acquire personal and bank details through this. He targets customers through email and other means.
- Spear phishing – Similar attack like phishing but the target is narrow towards a specific group.
- Vishing – Attack through phone as a medium
- Pretexting – Based on a scripted scenario, used to extract PII. The attacker resembles himself as a known person.
- Baiting – Attacks happen through download links, infected USB’s, etc.
Denial of Service Attack vs Distributed Denial of Service Attack:
Let’s compare the difference between DOS and DDOS
||In DOS, the attacker uses a single computer and internet connection to flood the target resource.
||In DDOS, he uses multiple computers and Internet connections to flood the target resource.
||DOS is launched using scripts or DOS tools.
||DDOS are launched from botnets
||DOS can be traced back easily since it uses only one IP.
||DDOS is difficult to trace back and it does massive attacks than DOS.
Join the best Certified Ethical Hacking Training and give a head-start to your career as a professional Ethical Hacker!
Exploiting or hacking and getting unauthorized access to the information or services of a valid computer session is known as Session hacking (aka) Hijacking. The most common method is IP spoofing when the attacker uses source-routed IP packets to insert the commands for attacking. There are different ways of session hijacking such as packet sniffing, cross-site scripting, IP spoofing, and blind attack.
Levels & Tools of Session hijacking:
There are two levels of session hijacking known as –
- Network-level hijacking
- TCP session
- UDP session
- HTTP session
There are several session hijacking tools such as Burp suite, Firesheep, Surf Jack, Ettercap, Cookie Catcher, and so on.
Web Hacking techniques:
There are several web hacking techniques such as-
- FREAK (Factoring Attack on RSA-Export Keys) – Attacker makes the user use servers with weaker encryption.
- LogJam – Man-in-the-middle attack, where the attacker alters the information in the middle.
- Web Timing Attacks – An attacker analyzes the cryptographic algorithms used and then he performs the attack.
- Illusory TLS – This attack exploits the security architecture of the system by employing CA certificates.