# Lab SEC-5: Social Engineering and Attack Scenario Matching

Domain:
- 2.0 Security

Works on:
- Windows
- Linux
- Scenario/tabletop practice

## Goal

Recognize common social engineering and attack patterns. This lab does not perform attacks.

## Safe Inspection Commands

Windows:
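
```powershell
arp -a            # ARP cache: IP-to-MAC mappings for local neighbors
netstat -ano      # connections and listening ports, with owning PID
ipconfig /all     # adapter configuration, including the default gateway
whoami /groups    # group memberships of the current user
```
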
Linux:
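
```bash
ip neigh          # neighbor (ARP/NDP) table
ss -tulpn         # listening TCP/UDP sockets, numeric, with owning process
ip route          # routing table; the "default" line names the gateway
id                # current user, UID/GID, and group memberships
```
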
Record:
- Default gateway:
- One ARP/neighbor entry:
- One listening port or active connection:
- Current user/group context:
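
The Linux half of the Record step can be scripted as follows. This is an added example, not part of the original lab; the function names, the `live` argument and the sample output (documentation-range addresses) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: parsers for the Linux "Record" items. Each reads command
# output on stdin, so it works on live output or on the constructed samples.

# Constructed sample output (RFC 5737 / RFC 7042 documentation values).
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.25'
SAMPLE_NEIGH='192.0.2.77 dev eth0 FAILED
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE'
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))'

# Default gateway: the address after "via" on the "default" line of `ip route`.
default_gateway() {
  awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# One neighbor entry: first `ip neigh` line carrying a MAC ("lladdr"), printed
# as "IP MAC STATE". FAILED/INCOMPLETE entries have no MAC and are skipped.
first_neighbor() {
  awk '{ for (i = 1; i < NF; i++) if ($i == "lladdr") { print $1, $(i + 1), $NF; exit } }'
}

# One listening socket: first LISTEN (TCP) or UNCONN (UDP) row of `ss -tulpn`,
# printed as "PROTO LOCAL_ADDRESS:PORT". The header row is ignored.
first_listener() {
  awk '$2 == "LISTEN" || $2 == "UNCONN" { print $1, $5; exit }'
}

# Print the worksheet. $1 = "live" runs the real commands; anything else
# parses the constructed samples so the script also runs offline.
record_worksheet() {
  local route="$SAMPLE_ROUTE" neigh="$SAMPLE_NEIGH" socks="$SAMPLE_SS"
  local who='uid=1000(student) gid=1000(student) groups=1000(student),27(sudo)'
  if [ "${1:-}" = "live" ]; then
    route=$(ip route); neigh=$(ip neigh); socks=$(ss -tulpn 2>/dev/null)
    who=$(id)
  fi
  printf -- '- Default gateway: %s\n' "$(printf '%s\n' "$route" | default_gateway)"
  printf -- '- One ARP/neighbor entry: %s\n' "$(printf '%s\n' "$neigh" | first_neighbor)"
  printf -- '- One listening port or active connection: %s\n' "$(printf '%s\n' "$socks" | first_listener)"
  printf -- '- Current user/group context: %s\n' "$who"
}

record_worksheet "${1:-sample}"
```

Run it with the argument `live` to fill the worksheet from the current machine; without root, `ss -p` leaves the process column empty for sockets owned by other users.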

## Scenario Matching

For each scenario, identify the attack and one mitigation.

1. A text message says your package cannot be delivered unless you click a link.
2. A caller says they are from IT and need your MFA code.
3. An email to payroll requests changing direct deposit information.
4. An attacker sets up a fake coffee shop Wi-Fi network with the same name as the real one.
5. A user lets someone into a locked building because they say they forgot their badge.
6. A website comment field stores malicious JavaScript that runs for every visitor.
7. A login system is attacked with millions of password guesses.
8. A vendor update installs a backdoor.
9. A web form lets an attacker change a database query.
10. A service is unavailable because thousands of systems flood it with traffic.

## What You Should Learn

- Social engineering attacks exploit trust and urgency.
- Web attacks often target unsafe input handling.
- DDoS uses many attack sources.
- Evil twins imitate trusted Wi-Fi.
- Supply chain attacks abuse trusted vendors or updates.