Social Engineering
Attacks by manipulating people, includes trust to gain access.
There are many methods of this:
- Dumpster diving: finding dumped hard copies that may contain sensitive information
- Impersonating a company member, trying to trick users to giveaway their account information
- Phishing: most common method, sending an email to a person claiming from a company/social media to fill their account information
Gaining information has 2 methods:
- Interview: the soft way, with all parties involved consent.
- Interrogation: the hard way, one-sided questioning and mandatory for the person asked to answer the question
Evidently, there are a lot of scams, one such example is asking for bank account details through phone call.
Target exploitation
Main hacking procedure. Basically executing malicious codes to access file. Mostly by inserting some kind of malicious codes/virus to gain backdoor access to a target computer.
Tools used: metasploit
The target will download file that contains malicious code/virus/malware and gains access to their files.