New Training: Leverage Information for Exploitation

In this 6-video skill, CBT Nuggets trainer Shawn Powers teaches you how to explain the process of leveraging information in order to prepare for the exploitation of systems. Watch this new CompTIA training.

Learn CompTIA with one of these courses:

• CompTIA PenTest+ (PT0-001)

• Information Gathering and Vulnerability Scanning for Penetration Testing

This training includes:

• 6 videos

• 25 minutes of training

You’ll learn these topics in this skill:

• Intro to Exploitation

• Mapping Vulnerabilities to Potential Exploits

• Prioritizing Pentest Activities

• Implementing Exploits

• Learning Password Cracking Methods

• Understanding Social Engineering

Why Social Engineering is the Hardest Attack to Defend Against

Social Engineering is by far the hardest attack vector for IT security admins to mitigate. Unlike exploits in software, social engineering attacks can't be patched. Why is that?

Social engineering is the act of influencing a person to do something or offer information that a threat actor would not otherwise have access to. Unfortunately, social engineering is a highly successful attack vector.

There are many reasons for this, but typically social engineering works so well because employees have jobs they must perform that contradict the notion of security. For instance, the Twitter account for its CEO was hacked recently. Hackers didn't gain access to Jack Dorsey's account through flaws in Twitter's systems. Instead, they gained access to his account through social engineering a SIM jacking attack with Dorsey's cell phone provider. Hackers convinced customer service agents to swap sim cards on Jack's account. That provided those attackers access to his phone calls and text messages.

How can social engineering be mitigated? Security experts will need to fully understand social engineering attacks so they can train staff to recognize and stop threats.