New Training: Leverage Information for Exploitation
In this 6-video skill, CBT Nuggets trainer Shawn Powers teaches you how to explain the process of leveraging information in order to prepare for the exploitation of systems. Watch this new CompTIA training.
Learn CompTIA with one of these courses:
This training includes:
25 minutes of training
You’ll learn these topics in this skill:
Intro to Exploitation
Mapping Vulnerabilities to Potential Exploits
Prioritizing Pentest Activities
Learning Password Cracking Methods
Understanding Social Engineering
Why Social Engineering is the Hardest Attack to Defend Against
Social Engineering is by far the hardest attack vector for IT security admins to mitigate. Unlike exploits in software, social engineering attacks can't be patched. Why is that?
Social engineering is the act of influencing a person to do something or offer information that a threat actor would not otherwise have access to. Unfortunately, social engineering is a highly successful attack vector.
There are many reasons for this, but typically social engineering works so well because employees have jobs they must perform that contradict the notion of security. For instance, the Twitter account for its CEO was hacked recently. Hackers didn't gain access to Jack Dorsey's account through flaws in Twitter's systems. Instead, they gained access to his account through social engineering a SIM jacking attack with Dorsey's cell phone provider. Hackers convinced customer service agents to swap sim cards on Jack's account. That provided those attackers access to his phone calls and text messages.
How can social engineering be mitigated? Security experts will need to fully understand social engineering attacks so they can train staff to recognize and stop threats.