Skip to main content

Social Engineering attacks and theirypes:

 

Social Engineering attacks and their types:



Social engineering attacks are used to gain access to the system and carry out actions that reveal confidential/secret information of the user. It makes the user break the security procedures and tricks to gain access to the system. There are different types of social engineering attacks such as-

  1. Phishing – Attackers create a similar fake website and acquire personal and bank details through this. He targets customers through email and other means.
  2. Spear phishing – Similar attack like phishing but the target is narrow towards a specific group.
  3. Vishing – Attack through phone as a medium
  4. Pretexting – Based on a scripted scenario, used to extract PII. The attacker resembles himself as a known person.
  5. Baiting – Attacks happen through download links, infected USB’s etc.

Denial of Service Attack vs Distributed Denial of Service Attack:

S.noDOSDDOS
1In DOS, the attacker uses a single computer and internet connection to flood the target resource.In DDOS, he uses multiple computers and Internet connections to flood the target resource.
2DOS is launched using scripts or DOS tools.DDOS are launched from botnets
3DOS can be traced back easily since it uses only one IP.DDOS is difficult to trace back and it does massive attack than DOS.


Session Hijacking

Exploiting or hacking and getting unauthorized access to the information or services of a valid computer session is known as Session hacking (aka) Hijacking. Most common method is IP spoofing when the attacker uses source-routed IP packets to insert the commands for attacking. There are different ways of session hijacking such as packet sniffing, cross-site scripting, IP spoofing, and blind attack.

Levels & Tools of Session hijacking:

There are two levels of session hijacking known as –

  • Network-level hijacking
    1. TCP session
    2. UDP session
  • Application-level
    1. HTTP session

There are several session hijacking tools such as Burp suite, Firesheep, Surf Jack, Ettercap, Cookie Catcher, and so on.


Web Hacking techniques:

There are several web hacking techniques such as-

  • FREAK (Factoring Attack on RSA-Export Keys)  – Attacker makes the user use servers with weaker encryption.
  • LogJam – Man-in-the-middle attack, where the attacker alters the information in the middle.
  • Web Timing Attacks – An attacker analyzes the cryptographic algorithms used and then he performs the attack.
  • Illusory TLS – This attack exploits the security architecture of the system by employing CA certificates.


Comments

Popular posts from this blog

Data Structure Multiple Choice Questions and Answers

  Data Structure Multiple Choice Questions and Answers Our 1000+ multiple choice questions and answers (MCQs) on "Data Structure - I" (along with 1000+ MCQs on "Data Structure - II (Algorithms)") focus on all areas of Data Structure covering 200+ topics. One can read MCQs on Data Structure - II (Algorithms)                 Array and Array Operations This set of Data Structure Multiple Choice Questions & Answers (MCQs) focuses on “Array and Array Operations”. 1. Which of these best describes an array? a) A data structure that shows a hierarchical behavior b) Container of objects of similar types c) Arrays are immutable once initialised d) Array is not a data structure View Answer Answer: b Explanation: Array contains elements only of the same type. 2. How do you initialize an array in C? a) int arr[3] = (1,2,3); b) int arr(3) = {1,2,3}; c) int arr[3] = {1,2,3}; d) int arr(3) = (1,2,3); View Answer Answer: c Explanation: This is the syntax ...

HackerRank Tuples Solution in Python

  HackerRank Tuples Solution in Python Task Given an integer,n, and n  space-separated integers as input, create a tuple, t, of those n integers. Then compute and print the result of hash(t). Note:   hash()  is one of the functions in the  __builtins__  module, so it need not be imported. Input Format The first line contains an integer,n, denoting the number of elements in the tuple. The second line contains n space-separated integers describing the elements in tuple t . Output Format Print the result of  hash(t) . Sample Input 0 2 1 2 Sample OUTPUT- 3713081631934410656 n = int(input()) int_list = [int(i) for i in input().split()] int_tuple = tuple(int_list) print(hash(int_tuple))

Chakra Vyuh Bhedna, the only answer to how to crack group discussions!

  Chakra Vyuh Bhedna, the only answer to how to crack group discussions! Because of the pandemic, the placement drive was conducted virtually. And to add to the difficulty level, more than 200 students participated in the drive. The selection process consisted of an online test that included the aptitude and technical questions, which was followed by a group discussion. Both were elimination rounds. The shortlisted students were then called for the final round, the personal interview. All about cracking group discussions and interviews My strategy was to be attentive in the pre-placement talks by asking questions to them and even trying to answer their questions. This helped me to boost my self-confidence and made me perform well during the Group Discussion. For cracking group discussion, I practiced a simple and powerful technique called  Chakra Vyuh Bhedna . It's a complete weapon to crack any GD. This technique has 4 parts.  Awareness of the topic Understanding PE...