Hacking: The Beginner's Complete Guide To Computer Hacking And Penetration Testing by Miles Price

Author:Miles Price
Language: eng
Format: azw3, epub, pdf
Published: 2017-06-23T07:00:00+00:00

Physical security is a critical part of cyber security. Hackers will always look for any weakness that they can find, whether online or offline.

Chapter 5: Social Engineering

Did you know that in the year 2016, the top three cyber-threat concerns were social engineering, insider threats, and advanced persistent threats? This shows you just how rampant social engineering attacks have become in cyber security.

Why do you think social engineering is number one on that list? A hacker is supposed to attack the system or network, so why would they focus on another aspect of an organization’s security system?

The answer lies in the people. The biggest weakness of every element of security is the people involved. We saw in the last chapter how the most advanced technology cannot protect you against cyber attacks if the people guarding the building are sleeping on the job. Through social engineering, you can hack the people by gaining their trust and exploiting them for the information you need. However, you will require a certain degree of boldness and skill to get people to trust you, considering that you are a total stranger.

One aspect of social engineering is that it is usually done together with a physical security hack. The aim is to make contact with someone who has specific information that can help you gain access to the files or resources of your intended target.

For example:

Send the target an email that contains links. When they click the link, malware or a virus is downloaded onto their computer, thus allowing you to control the system and acquire data.

If you are an employee in a company and want to gain unauthorized access to confidential data, you could inform the security department that you have lost your access badge. They will give you the keys to enter the room thus allowing you to get to the physical and digital files you want.

You could impersonate a genuine product vendor and claim that your company needs to update or install a patch on the client’s software (e.g. accounting software). You could then request to be given the administrator password. Alternatively, you could just ask them to download the fake software, which would then give you remote access to the target’s network.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.