# Lab SEC-5: Social Engineering and Attack Scenario Matching

Domain:

- 2.0 Security

Works on:

- Windows
- Linux
- Scenario/tabletop practice

## Goal

Recognize common social engineering and attack patterns. This lab does not perform attacks.

## Safe Inspection Commands

Windows:

```powershell
arp -a
netstat -ano
ipconfig /all
whoami /groups
```

Linux:

```bash
ip neigh
ss -tulpn
ip route
id
```

Record:

- Default gateway:
- One ARP/neighbor entry:
- One listening port or active connection:
- Current user/group context:

## Scenario Matching

For each scenario, identify the attack and one mitigation.

1. A text message says your package cannot be delivered unless you click a link.
2. A caller says they are from IT and need your MFA code.
3. An email to payroll requests changing direct deposit information.
4. An attacker sets up a fake coffee shop Wi-Fi network with the same name as the real one.
5. A user lets someone into a locked building because they say they forgot their badge.
6. A website comment field stores malicious JavaScript that runs for every visitor.
7. A login system is attacked with millions of password guesses.
8. A vendor update installs a backdoor.
9. A web form lets an attacker change a database query.
10. A service is unavailable because thousands of systems flood it with traffic.

## What You Should Learn

- Social engineering attacks exploit trust and urgency.
- Web attacks often target unsafe input handling.
- DDoS uses many attack sources.
- Evil twins imitate trusted Wi-Fi.
- Supply chain attacks abuse trusted vendors or updates.
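
The Linux commands under Safe Inspection Commands, wrapped in an added helper script (not part of the original lab) that extracts the four values the Record list asks for. The function names and the `--live` switch are assumptions made for this example; each parser reads command output on stdin, so it can be checked against saved output as well as a live system.

```bash
#!/usr/bin/env bash
# Added example: fill in the lab's "Record" fields from the Linux commands.
# Function names and the --live switch are hypothetical, not part of the lab.

# Default gateway: the address after "via" on the default line of `ip route`.
default_gateway() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i+1); exit } }'
}

# One ARP/neighbor entry: first `ip neigh` line that has a resolved MAC
# (lladdr). FAILED/INCOMPLETE entries carry no hardware address and are skipped.
neighbor_entry() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "lladdr") { print $1, $(i+1); exit } }'
}

# One listening port: first LISTEN (TCP) or UNCONN (UDP) row of `ss -tulpn`,
# printed as protocol plus local address:port. The header row never matches.
listening_port() {
  awk '$2 == "LISTEN" || $2 == "UNCONN" { print $1, $5; exit }'
}

# Current user/group context: user name and group names from `id`,
# with the numeric IDs stripped.
user_context() {
  sed -E 's/^uid=[0-9]+\(([^)]*)\).*groups=([^ ]*).*$/user=\1 groups=\2/; s/[0-9]+\(([^)]*)\)/\1/g'
}

# Print the worksheet using the same commands the lab lists.
lab_record() {
  echo "Default gateway: $(ip route | default_gateway)"
  echo "One ARP/neighbor entry: $(ip neigh | neighbor_entry)"
  echo "One listening port or active connection: $(ss -tulpn | listening_port)"
  echo "Current user/group context: $(id | user_context)"
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--live" ]; then
  lab_record
fi
```

Without root, `ss -tulpn` omits process names for sockets owned by other users; the protocol and local address columns used here are unaffected.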