Skip to main content

Social Engineering attacks and theirypes:

 

Social Engineering attacks and their types:



Social engineering attacks are used to gain access to the system and carry out actions that reveal confidential/secret information of the user. It makes the user break the security procedures and tricks to gain access to the system. There are different types of social engineering attacks such as-

  1. Phishing – Attackers create a similar fake website and acquire personal and bank details through this. He targets customers through email and other means.
  2. Spear phishing – Similar attack like phishing but the target is narrow towards a specific group.
  3. Vishing – Attack through phone as a medium
  4. Pretexting – Based on a scripted scenario, used to extract PII. The attacker resembles himself as a known person.
  5. Baiting – Attacks happen through download links, infected USB’s etc.

Denial of Service Attack vs Distributed Denial of Service Attack:

S.noDOSDDOS
1In DOS, the attacker uses a single computer and internet connection to flood the target resource.In DDOS, he uses multiple computers and Internet connections to flood the target resource.
2DOS is launched using scripts or DOS tools.DDOS are launched from botnets
3DOS can be traced back easily since it uses only one IP.DDOS is difficult to trace back and it does massive attack than DOS.


Session Hijacking

Exploiting or hacking and getting unauthorized access to the information or services of a valid computer session is known as Session hacking (aka) Hijacking. Most common method is IP spoofing when the attacker uses source-routed IP packets to insert the commands for attacking. There are different ways of session hijacking such as packet sniffing, cross-site scripting, IP spoofing, and blind attack.

Levels & Tools of Session hijacking:

There are two levels of session hijacking known as –

  • Network-level hijacking
    1. TCP session
    2. UDP session
  • Application-level
    1. HTTP session

There are several session hijacking tools such as Burp suite, Firesheep, Surf Jack, Ettercap, Cookie Catcher, and so on.


Web Hacking techniques:

There are several web hacking techniques such as-

  • FREAK (Factoring Attack on RSA-Export Keys)  – Attacker makes the user use servers with weaker encryption.
  • LogJam – Man-in-the-middle attack, where the attacker alters the information in the middle.
  • Web Timing Attacks – An attacker analyzes the cryptographic algorithms used and then he performs the attack.
  • Illusory TLS – This attack exploits the security architecture of the system by employing CA certificates.


Labels:

Comments

Post a Comment

Popular posts from this blog

Write a C program to find number is Abundant number or not

  Write a C program to find the number is an Abundant number or not:- In this program to find a number is an Abundant number or not. A number n is said to be an Abundant Number to follow these condition the sum of its proper di visors is greater than the number itself. And the difference between these two values is called abundance. Ex:-  Abundant number  12 having a proper divisor is 1,2,3,4,6 the sum of these factors is 16 it is greater than 12 so it is an Abundant number. Some other abundant numbers     18, 20, 24, 30, 36, 66, 70, 72, 78, 80, 84, 88, 90, 96, 100, 102, 104, 108, 112, 114, 120.. ALGORITHMS:- Step 1 - Enter the number, to find the Abundant number. Step 2 - Initialize the loop with c=1 to c<=number and follow the following calculation      (i) check if whether the number is divisible with c and c got a result zero.      (ii) now sum=sum+c, add a digit into a sum and store it in the sum. Step 3 . then the...
Post a Comment
Read more

Data Structure Multiple Choice Questions and Answers

  Data Structure Multiple Choice Questions and Answers Our 1000+ multiple choice questions and answers (MCQs) on "Data Structure - I" (along with 1000+ MCQs on "Data Structure - II (Algorithms)") focus on all areas of Data Structure covering 200+ topics. One can read MCQs on Data Structure - II (Algorithms)                 Array and Array Operations This set of Data Structure Multiple Choice Questions & Answers (MCQs) focuses on “Array and Array Operations”. 1. Which of these best describes an array? a) A data structure that shows a hierarchical behavior b) Container of objects of similar types c) Arrays are immutable once initialised d) Array is not a data structure View Answer Answer: b Explanation: Array contains elements only of the same type. 2. How do you initialize an array in C? a) int arr[3] = (1,2,3); b) int arr(3) = {1,2,3}; c) int arr[3] = {1,2,3}; d) int arr(3) = (1,2,3); View Answer Answer: c Explanation: This is the syntax ...
Post a Comment
Read more

A simple way to Understand how you get attack from Phishing (Emails, Messaging Apps etc.)

  A simple way to Understand how you get attacks from Phishing (Emails, Messaging Apps etc ) What is Phishing? Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in electronic communication such as (Email, SMS, Text messages, Mobile app messages, and social media posts.) So how does phishing attacks work- A malicious link will be sent, once clicked, It begins the process to Steal data, financial card information, login credentials, and also infect your device, phones with malware(Virus) when you download the attached document. Phishing links don’t just come in emails alone. several malicious links that lead to stolen data and infected devices can be found in SMS text messages, Mobile app messages, Social media posts . How I received these compromised messages.- The phishing emails and text may usually look like a message from a company you know or trust. The...
Post a Comment
Read more