CompTIA Security+ 601 Chapter 4 Summary

CompTIA Security+ Study Guide: Exam SY0-601 8th Edition, by Mike Chapple & David Seidl


Chapter 4 summary of my notes.


1. Different Attacks & Techniques


A key part of social engineering is understanding the target, how humans react, and how stress reactions can be leveraged to meet a goal. A number of key principles are leveraged to successfully social engineer an individual:



  1. Authority relies on the fact that most people will obey someone who appears to be in charge or knowledgeable.

  2. Intimidation relies on scaring or bullying an individual into taking a desired action.

  3. Consensus-based social engineering uses the fact that people tend to want to do what others are doing to persuade them to take an action.

  4. Scarcity is used for social engineering in scenarios that make something look more desirable because it may be the last one available.

  5. Familiarity-based attacks rely on you liking the individual or even the organization the individual is claiming to represent.

  6. Trust, much like familiarity, relies on a connection with the individual being targeted. Social engineers who use this technique work to build a connection with their targets so that the targets will take the actions the attacker wants them to take.

  7. Urgency relies on creating a feeling that the action must be taken quickly due to some reason or reasons.


Phishing is most often done via email, but a wide range of phishing techniques exist, including things like smishing, which is phishing via SMS (text) messages, and vishing, or phishing via telephone.


Spear phishing targets specific individuals or groups.


Whaling is aimed at senior employees like CEOs and CFOs—“big fish” in the company.


Filtering helps prevent phishing using reputation tools, keyword and text pattern matching, and other technical methods of detecting likely phishing emails, calls, or texts. 


Attacks against websites are also used by social engineers, and pharming is one example. Pharming attacks redirect traffic away from legitimate websites to malicious versions. Pharming typically requires a successful technical attack that can change DNS entries on a local PC or on a trusted local DNS server, allowing the traffic to be redirected. Unlike pharming, watering hole attacks don't redirect users; instead, they use websites that targets frequent to attack them.


Typosquatters register URLs that are misspelled or slightly off but still look similar to the legitimate site's URL, and use them to conduct typosquatting attacks.


The Security+ exam outline includes Spam over Instant Messaging (SPIM) as well as a number of in-person techniques such as dumpster diving, shoulder surfing, and tailgating.


Tailgating = a physical entry attack that requires simply following someone who has authorized access to an area so that as they open secured doors you can pass through as well.


Elicitation = technique used to gather information without targets realizing they are providing it.


Prepending can mean one of three things:



  1. Adding an expression or phrase, such as adding “SAFE” to a set of email headers to attempt to fool a user into thinking it has passed an antispam tool.

  2. Adding information as part of another attack to manipulate the outcome.

  3. Suggesting topics via a social engineering conversation to lead a target toward related information the social engineer is looking for.


Pretexting = using a made-up scenario to justify why you are approaching an individual, often used as part of impersonation efforts to make the impersonator more believable.


Invoice Scams = sending fake invoices to organizations in the hopes of receiving payment.


Hybrid warfare = competition short of conflict, which may include active measures like cyberwarfare as well as propaganda and information warfare. Influence campaigns and social media are used as part of hybrid warfare efforts by nation-state actors of all types.


Brute-force Attacks = iterating through candidate passwords until one is found that works.


Password Spraying Attacks = a form of brute-force attack that attempts to use a single password or small set of passwords against many accounts.
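Because a spray spreads a handful of password guesses across many accounts, it leaves a different footprint in authentication logs than a classic brute-force attack against one account. The detector below is an added example (not from the book or its authors) that runs over constructed, sshd-style log lines and tells the two patterns apart by counting failures per source address and per account; the log format, thresholds and addresses are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01Z sshd: Failed password for alice from 203.0.113.5
2024-03-01T09:00:02Z sshd: Failed password for bob from 203.0.113.5
2024-03-01T09:00:03Z sshd: Failed password for carol from 203.0.113.5
2024-03-01T09:00:04Z sshd: Failed password for dave from 203.0.113.5
2024-03-01T09:00:05Z sshd: Failed password for erin from 203.0.113.5
2024-03-01T09:00:06Z sshd: Accepted password for erin from 203.0.113.5
2024-03-01T09:00:07Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T09:00:08Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T09:00:09Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T09:00:10Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T09:00:11Z sshd: Failed password for alice from 198.51.100.7
2024-03-01T09:00:12Z sshd: Failed password for bob from 192.0.2.9
"""

LINE_RE = re.compile(r"sshd: (Failed|Accepted) password for (\S+) from (\S+)")


def parse_events(log_text):
    """Yield (outcome, user, src) tuples for lines that match the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groups()


def classify_sources(log_text, spray_accounts=4, spray_max_per_account=2,
                     brute_min_per_account=5):
    """Return {src: 'spray' | 'brute-force' | 'normal'} based on failure shape.

    Spray: many distinct accounts, few failures each (a few guesses per user).
    Brute force: one account hammered with many failures from one source.
    """
    fails = defaultdict(lambda: defaultdict(int))   # src -> user -> failures
    for outcome, user, src in parse_events(log_text):
        if outcome == "Failed":
            fails[src][user] += 1
    verdicts = {}
    for src, per_user in fails.items():
        worst = max(per_user.values())
        if len(per_user) >= spray_accounts and worst <= spray_max_per_account:
            verdicts[src] = "spray"
        elif worst >= brute_min_per_account:
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "normal"
    return verdicts


def accounts_hit_by_spray(log_text):
    """Accounts that accepted a login from a source already classified as spraying."""
    spraying = {s for s, v in classify_sources(log_text).items() if v == "spray"}
    return sorted({u for o, u, s in parse_events(log_text)
                   if o == "Accepted" and s in spraying})
```

The successful login that follows the spray is the line a responder cares about most: it marks the account whose weak password was guessed.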


Dictionary attacks = another form of brute-force attack that uses a list of words for its attempts. Commonly available brute-force dictionaries exist, and tools like John the Ripper, a popular open source password cracking tool, ship with word lists (dictionaries).


If you can capture hashed passwords from a password store, tools like rainbow tables can be very useful. Rainbow tables are an easily searchable database of precomputed hashes using the same hashing methodology as the captured password file. Thus, if you captured a set of passwords that were hashed using MD5, you could compute or even purchase a full set of passwords for most reasonable password lengths, and then simply look up the hashes of those passwords in the table.
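The precomputation the paragraph describes, and the reason a per-account salt defeats it, can be shown in a few lines. This is an added example, not code from the book: it builds the simplest form of a precomputed table (a plain hash-to-plaintext dictionary rather than the chain-compressed layout a true rainbow table uses) from a constructed word list, looks up captured unsalted MD5 hashes in it, and then shows the same table finding nothing once each account's hash includes a random salt.

```python
import hashlib
import os

# Constructed stand-in for a cracking word list (made up for this example).
WORDLIST = ["password", "letmein", "summer2024", "qwerty", "dragon"]


def build_lookup_table(words, algo="md5"):
    """Precompute hash -> plaintext once; each later lookup is a single dict hit.
    The table is only useful against hashes made with the same algorithm."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in words}


def store_unsalted(passwords):
    """The 'captured password file' case: plain MD5 of each password."""
    return {user: hashlib.md5(pw.encode()).hexdigest()
            for user, pw in passwords.items()}


def crack_with_table(captured, table):
    """captured: {user: hexdigest}. Returns {user: plaintext} for every table hit."""
    return {user: table[h] for user, h in captured.items() if h in table}


def store_salted(passwords, salt_len=16):
    """Mitigation: a unique random salt per account, stored beside the hash.
    (In production use a slow salted KDF such as bcrypt or Argon2, not MD5.)"""
    out = {}
    for user, pw in passwords.items():
        salt = os.urandom(salt_len)
        out[user] = (salt.hex(), hashlib.md5(salt + pw.encode()).hexdigest())
    return out


def crack_salted_with_table(captured_salted, table):
    """Same table against salted hashes: MD5(salt + password) was never precomputed,
    so the attacker is back to hashing the whole word list once per account."""
    return {user: table[h] for user, (_, h) in captured_salted.items() if h in table}


if __name__ == "__main__":
    users = {"alice": "password", "bob": "qwerty", "carol": "Tr0ub4dor&3"}
    table = build_lookup_table(WORDLIST)
    print("unsalted hits:", crack_with_table(store_unsalted(users), table))
    print("salted hits:  ", crack_salted_with_table(store_salted(users), table))
```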


Malicious flash drive attacks largely fall into two categories. Penetration testers (and potentially attackers) may drop drives. Malicious USB cables also exist, although they're less common since they require dedicated engineering to build, rather than simply buying commodity flash drives.


Card cloning attacks focus on capturing information from cards like RFID and magnetic stripe cards often used for entry access.


Skimming attacks use hidden or fake readers, or social engineering combined with hand-held readers, to capture (skim) card data, and then employ cloning tools to use the credit cards or entry access cards for the attacker's own purposes.


Supply chain attacks attempt to compromise devices, systems, or software before they even reach the organization.