Posted In:Definitions Archives - Pentest Geek
So what is Email Phishing?
Email Phishing is a fraudulent attempt to entice a user to perform an action; often appearing to come from legitimate businesses (e.g., your company, your internet service provider, your bank, etc.). The result of performing an action like clicking on an email link or opening an email attachment can lead to exposure of sensitive information such as usernames, passwords, or a potential compromise of the underlying operating system itself.
Adversaries will often target and send phishing links through email where the victim is prompted to click on a link within the email body. The target will get navigated to a phishing page that pretends to be legitimate and authoritative. At this point the phishing page may ask the user to login where credentials will be harvest or download a fictitious update which is really a malicious binary.
Email Phishing is an example of a social engineering techniques used to deceive users, and exploit weaknesses in a current organizations security posture. Email Phishing when partnered with email spoofing can present the look and feel which resembles that of the legitimate business or brand the adversary may be impersonating. This combination when done properly can yield incredibly high click through ratios which present a risk to organizations everywhere.
Email Phishing is a specific type of phishing in general. Phishing generally speaking comes in many different forms including, but not limited to:
- Spear Phishing are phishing attempts which are directed at specific individuals. Often times targeting a low number of specific individuals can help a phishing operation remain stealth.
- Clone Phishing are phishing attacks whereby a legitimate vendor is impersonated. Often times this is done by leveraging an existing email which has been delivered and replacing the primary link with a malicious link that an adversary controls.
- Whaling are phishing attacks specifically directed at senior executives and other high-profile targets within the business. Content is typically crafted to target executive level folks and tailored toward the organization.
- SMS Phishing (smishing) is when phishing attacks are performed over cell phone text messages as a medium to transfer the content.
- Voice Phishing is when an adversary performs phishing by contacting over the phone and attempting to impersonate someone authoritative in an effort to entice the target to perform some action.
Penetration Testing: What It Is
Penetration testing is an offensive security exercise conducted by an organization with the intent to uncover security weaknesses and ultimately help strengthen their defense mechanisms, threat detection capabilities and response times. Traditionally, penetration testing is performed by an independent third-party with little to no upfront knowledge of their target organization. This is done to imitate an adversary who is targeting the organization with nefarious intent.
SOCKS Proxy: Definition
A Socket Secure Proxy (SOCKS Proxy) is a Layer 5 tunnel usually implemented via SSH which allows a user to forward TCP traffic through an encrypted tunnel to a destination server. This causes the packet’s source IP Address to appear as if it was originating from the proxy server or Jump Box rather than the user’s machine.
In above example, the proxy server is acting as the Man In The Middle. A SOCKS Proxy can be especially useful during a penetration test when you need to obey the Rules Of Engagement and ensure that all testing traffic originates from a designated source IP or range of IPs.
Man In The Middle Definition:
The term “Man In The Middle” (MiTM) refers to a network layer attack vector used to capture credentials, session tokens and other sensitive information that an attacker could leverage to gain unauthorized access to systems and data.
The underlying concept of a man in the middle attack is quite simple. An attacker places themselves directly in between the communication stream of a victim machine and their default gateway (usually a router or switch). This can be accomplished physically by placing a small device such as a “Drop Box” in between the victim and the gateway. Or virtually by sending spoofed Address Resolution Protocol (ARP) broadcasts to the victim and gateway causing them to update their ARP tables to point to the attacker’s machine.
- Playing With the New Burp Suite REST API
- Burp Suite 2.0 Beta Review
- Attacking Palo Alto Networks PAN-OS ‘readSessionVarsFromFile()’
- GPG Errors While Updating Kali Linux
- Installing Kali NetHunter on HTC Nexus 9
Subscribe To Our Mailing List
Want To Be a Better Pentester
Subscribe to our mailing list and recieve FREE pentest tips, tricks, product reviews, news, article release notifications and more!
Become a Web App Penetration Tester
- Burp Suite
- Forensics and Incident Response
- Information Gathering
- Penetration Testing Tutorials
- Web Applications
Web Application Hacking