Time
33 hours 23 minutes
Difficulty
Beginner
CEU/CPE
33

Video Transcription

00:00
Hello and welcome back to Cybrary's 2019 CompTIA Security+ Certification Preparation Course.
00:09
We continue our discussion of module one,
00:12
and the topic of discussion is domain one:
00:15
Threats, attacks and vulnerabilities.
00:19
Let's now take a look at our next learning objective, which encompasses this particular domain,
00:24
and its title is compare and contrast types of attacks.
00:28
Before we get going here today, perhaps the best place to begin is by taking a look at a pre-assessment question, and the question is as follows.
00:37
What kind of attack is most likely when you're doing sensitive work on your laptop at a coffee shop? Is it A, piggybacking,
00:45
B, dumpster diving, C, shoulder surfing, or D, smurfing?
00:51
If you selected C, you're absolutely correct. Shoulder surfing is particularly dangerous when you're in public.
00:58
Here again are the objectives which encompass this particular objective or, in other words, the topics of discussion, ranging from social engineering, phishing, spear phishing, whaling, vishing,
01:10
tailgating, impersonation, dumpster diving, shoulder surfing, hoax and watering hole
01:17
type attacks.
01:19
Additionally, the principal reasons for effectiveness: authority, intimidation, consensus, scarcity, familiarity,
01:26
trust, as well as urgency.
01:30
So let's now begin by first taking a look at defining exactly what social engineering is all about. Now, social engineering is the art of deceiving people.
01:38
Attacks happen via email, over the phone and in person. Social engineering is one of the most dangerous kinds of attacks because of its high success rate. Here are some types of social engineering attacks covered by the Security+ exam.
01:53
Social engineering is a method used to gain access to data, systems or networks, primarily through misrepresentation.
02:00
This technique typically relies on the trusting nature of the person being attacked.
02:04
Social engineering was initially associated with the social sciences. However, the way it is used also makes it relevant to computer professionals, as it is a significant threat to any system's security.
02:15
Therefore, social engineering attack categories: there are a number of different categories we're going to explore during this particular video. First off, let's define what phishing is all about.
02:25
Now, it's the most popular form of social engineering attack, conducted through digital communication.
02:31
It's a fraudulent attempt to obtain sensitive information such as user name, password and credit card details by disguising as a trustworthy entity in an electronic communication.
02:43
Then we have spear phishing. Now, this is a kind of phishing attack that is targeted at a specific group or individual.
02:51
Unlike phishing attacks, which are not personalized to their victims and are usually sent to masses of people at the same time, spear phishing aims at targeted individuals.
03:01
Whaling is a term used to describe phishing attacks that are typically aimed at wealthy, powerful or prominent individuals.
03:09
Vishing is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to authorized entities.
03:20
Tailgating is a means to compromise physical security by following somebody, in other words, following someone through a door meant to keep out intruders.
03:29
Impersonation is an attack in which the adversary successfully assumes the identity of one of the legitimate parties in a system or in a communication-type protocol.
03:38
Continuing on with our social engineering attack categories, we have dumpster diving.
03:45
Dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network.
03:51
Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes.
03:59
Then we look at shoulder surfing. It's a kind of social engineering technique used to obtain information such as personal identification numbers, passwords and other confidential information by looking over the victim's shoulder.
04:12
A hoax is a message warning
04:15
basically the recipient of nonexistent computer virus threats. The message is usually a chain email that tells the recipient to forward it to somebody they know.
04:25
Watering hole: a watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
04:39
Then we have authority.
04:41
The attacker impersonates others to get people to do something. For example, many have called users on the phone, claiming they work for Microsoft.
04:49
Intimidation. This is where the attacker attempts to intimidate the victim into taking action.
04:55
Intimidation might be through bullying tactics, and is often combined with impersonating someone else.
05:01
Consensus is where the attacker takes advantage of this by creating websites with fake testimonials that promote a product. For example,
05:10
a criminal might set up a website with dozens of testimonials listing all the benefits of their fake antivirus software.
05:17
Scarcity is often used in a social engineering context to create feelings of urgency in a decision-making context.
05:25
This urgency can often lead to manipulation of the decision-making process, allowing the social engineer to control the information provided to the victim.
05:33
Familiarity. The social engineer, meaning the person or attacker, attempts to build rapport with the victim to build a relationship before launching the attack.
05:44
Then we have trust
05:46
In order to influence others, attackers need to build trust. Trust is what makes a potential victim less likely to question the hacker and more likely to provide information to him or her.
05:57
Then we have urgency.
05:59
A hacker may create a false sense of urgency to trick you into taking action before thinking.
06:05
Continuing on with some additional objectives, in other words, the topics that encompass comparing and contrasting the types of attacks, we continue on by taking a look at application/service attacks, which again are DoS, DDoS. We have man-in-the-middle,
06:20
buffer overflow, injection, cross-site scripting, cross-site request forgery, all the way down to domain hijacking. So with that, let's take a look at application or service type attacks.
06:33
The first item is DoS. Now, this is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet.
06:48
DDoS occurs where multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
06:58
Man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
07:08
Buffer overflow occurs when more data is put into a fixed buffer than the buffer can handle. The extra information, which has to go somewhere, can overflow into adjacent memory space, corrupting or overwriting the data held in that space.
07:24
Injection. The attacker supplies untrusted input to a program. This input gets processed by the interpreter as part of a command or query. In turn, this alters the execution of that program.
07:38
Cross-site scripting attack is a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. An XSS attack occurs when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
07:59
Cross-site request forgery is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in.
08:09
Privilege escalation is the process or act of exploiting a bug, a design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or users.
08:26
ARP poisoning is a form of attack in which an attacker changes the media access control or MAC address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP, or Address Resolution Protocol, request and reply packets.
08:43
Amplification is a natural or artificial device intended to make a signal stronger.
08:50
DNS poisoning is an attack that uses altered domain name records to redirect traffic to a fraudulent
08:56
site. In other words, when we look at DNS, what it does is it converts your IP address, in other words, like, for example, Microsoft, to an IP address, and what happens in this case is the attacker uses the altered domain name record to redirect traffic to a fraudulent site in this case.
09:13
Domain hijacking is an act of changing the registration of a domain name without the permission of its original registrant, or by abuse of privileges on the domain hosting or registrar-type software system.
09:26
At this point, we have our post-assessment quiz, and the question is as follows; in fact, it is a true or false question.
09:33
A DoS attack is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. Is that true or false?
09:48
If you said true, that's absolutely correct. A DoS is a cyberattack in which a perpetrator, what he or she seeks to do is to make that machine or your network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
10:05
In our upcoming video, we continue on with domain one, which is titled Threats, Attacks and Vulnerabilities. In fact, we continue our discussion of 1.2, compare and contrast types of attacks.
10:18
See you in the next video.

Instructed By

Jim Hollis
Independent Contractor
Instructor