Social engineering attack phases
- Research the target company
- Select a target
- Develop a relationship
- Exploit the relationship
There are three kinds of social engineering attack: human-based, computer-based and mobile-based, i.e. social engineering carried out through people, through computers, or through mobile phones.
Human-based
- Eavesdropping - listening in on conversations
- Shoulder surfing - looking over someone's shoulder
- Dumpster diving - going through trash bins, shredder output, etc.
Computer-based
- Spear phishing
- Whaling
- Pharming - redirecting a domain name to the attacker's site (including tampering with DNS resolution or modifying the hosts file)
- Spimming - spam messages (delivered over instant messaging)
Types of insider threats
- Malicious insider - a malicious employee who steals data
- Negligent insider - an employee who causes harm through carelessness
- Professional insider - a skilled employee who carries out the intrusion themselves
- Compromised insider - an insider who has been compromised by an external threat actor
Evilginx - an advanced phishing framework that can bypass two-factor authentication. It is a man-in-the-middle attack framework used to remotely capture credentials and session cookies for any web service. The attacker generates a phishing link that points at the server running Evilginx and distributes it by email or similar means; when the victim clicks it, a Google login page proxied through Evilginx is loaded. The victim enters valid account credentials and completes two-factor authentication through the phishing site; at that point the attacker holds the victim's email address, password and session cookies, and the captured session cookies let the attacker bypass the second factor.
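The reason a reverse-proxy phishing page defeats one-time-code 2FA is that the code the user types carries no information about which site they typed it into, so the proxy can relay it verbatim and collect the resulting session cookie. The following added example (not part of the original notes or of Evilginx) is a toy relying party in Python that contrasts this with origin-bound authentication: the authenticator signs the origin the browser actually loaded, so an assertion produced on a lookalike domain fails the relying party's origin check. The domain names are constructed, and an HMAC over the signed client data stands in for the public-key signature a real WebAuthn authenticator would produce.

```python
import hmac
import json
import secrets

REAL_ORIGIN = "https://accounts.example.com"                # constructed: the legitimate service
PROXY_ORIGIN = "https://accounts-example.com.example.net"   # constructed: lookalike domain in front of a proxy


class RelyingParty:
    """Toy service that accepts either a one-time code or an origin-bound assertion."""

    def __init__(self, origin):
        self.origin = origin
        self.otp_secret = secrets.token_bytes(16)
        self.credential_keys = {}   # credential_id -> key (stands in for a registered public key)
        self.pending = {}           # outstanding challenges

    # --- one-time code path: nothing ties the code to the site it was typed into ---
    def current_otp(self):
        # constructed: 6-digit code derived from the secret, standing in for an authenticator app
        digest = hmac.new(self.otp_secret, b"otp", "sha256").digest()
        return f"{int.from_bytes(digest[:4], 'big') % 10**6:06d}"

    def login_with_otp(self, submitted_code):
        return hmac.compare_digest(submitted_code, self.current_otp())

    # --- origin-bound path: the signed client data names the origin the browser loaded ---
    def register(self, credential_id, key):
        self.credential_keys[credential_id] = key

    def begin_login(self):
        challenge = secrets.token_urlsafe(16)
        self.pending[challenge] = True
        return challenge

    def login_with_assertion(self, credential_id, client_data, signature):
        data = json.loads(client_data)
        if not self.pending.pop(data.get("challenge"), False):
            return False                       # unknown or replayed challenge
        if data.get("origin") != self.origin:
            return False                       # the check a proxy on another domain cannot pass
        key = self.credential_keys.get(credential_id)
        if key is None:
            return False
        expected = hmac.new(key, client_data.encode(), "sha256").hexdigest()
        return hmac.compare_digest(signature, expected)


class Authenticator:
    """Stands in for the user's security key; it signs the origin the browser actually loaded."""

    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.credential_id = "cred-" + secrets.token_hex(4)

    def sign(self, browser_origin, challenge):
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
            sort_keys=True,
        )
        return client_data, hmac.new(self.key, client_data.encode(), "sha256").hexdigest()


def simulate(browser_origin):
    """The victim's browser sits at browser_origin; a proxy relays every message unchanged."""
    rp = RelyingParty(REAL_ORIGIN)
    authn = Authenticator()
    rp.register(authn.credential_id, authn.key)

    # The user reads the code from their app and types it into the page; the proxy forwards it.
    otp_accepted = rp.login_with_otp(rp.current_otp())

    # The challenge is relayed to the browser; the authenticator signs it together with the origin.
    challenge = rp.begin_login()
    client_data, signature = authn.sign(browser_origin, challenge)
    assertion_accepted = rp.login_with_assertion(authn.credential_id, client_data, signature)

    return {"otp_accepted": otp_accepted, "origin_bound_accepted": assertion_accepted}


if __name__ == "__main__":
    print("legitimate site:", simulate(REAL_ORIGIN))
    print("proxied lookalike:", simulate(PROXY_ORIGIN))
```

Run it and the proxied case accepts the one-time code but rejects the origin-bound assertion; the legitimate case accepts both. The takeaway for defenders is that a stolen session cookie is a bearer token, so the protection has to happen before the cookie is issued, by making the second factor refuse to authenticate against any origin other than the real one.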