1.6 KiB
1.6 KiB
Lab SEC-5: Social Engineering and Attack Scenario Matching
Domain:
- 2.0 Security
Works on:
- Windows
- Linux
- Scenario/tabletop practice
Goal
Recognize common social engineering and attack patterns. This lab does not perform attacks.
Safe Inspection Commands
Windows:
arp -a
netstat -ano
ipconfig /all
whoami /groups
Linux:
ip neigh
ss -tulpn
ip route
id
Record:
- Default gateway:
- One ARP/neighbor entry:
- One listening port or active connection:
- Current user/group context:
Scenario Matching
For each scenario, identify the attack and one mitigation.
- A text message says your package cannot be delivered unless you click a link.
- A caller says they are from IT and need your MFA code.
- An email to payroll requests changing direct deposit information.
- An attacker sets up a fake coffee shop Wi-Fi network with the same name as the real one.
- A user lets someone into a locked building because they say they forgot their badge.
- A website comment field stores malicious JavaScript that runs for every visitor.
- A login system is attacked with millions of password guesses.
- A vendor update installs a backdoor.
- A web form lets an attacker change a database query.
- A service is unavailable because thousands of systems flood it with traffic.
What You Should Learn
- Social engineering attacks exploit trust and urgency.
- Web attacks often target unsafe input handling.
- DDoS uses many attack sources.
- Evil twins imitate trusted Wi-Fi.
- Supply chain attacks abuse trusted vendors or updates.