attacks using local system
TRANSCRIPT
CertifiedPenetration Testing
Attacks Using Local System:
• Session Hijacking
• Windows Hacking• Scanning
• Phishing
Windows HackingHacking : -Art of exploring various security breaches is termed as Hacking.
-Legal or illegal but unauthorised way of bypass any security mechanism
Windows Hacking – Art Of windows Security bypass and Find Loop whole and vulnerability is call a windows Hacking
Compute security :
• BIOS –Password• Syskey• Login
PhishingPhishing: -Spear phishing is a targeted email scam with the sole purpose of obtaining unauthorized access to sensitive data
Phishing attacks generally target:
* Bank information – e.g. VISA and PayPal accounts.* Username and password information.* Social Security numbers.* Information which can be used to retrieve forgotten or lost credentials.
MOBILE PHISHING:
Phishing scams are not limited to the internet. Some phishers use the telephone to make requests for information. If you get a call from your banking institution asking for personal information, hang up and call your bank directly. Your bank will have your social security number and account information on file and should only ask you to verify a few digits.
like Iphone,Apple ,iTunes n more...By SMS
EXAMPLE:-
>>Congratulations! Your mobile phone has won US$ 10 Million prize money. To claim your money, call this number XXXXXXXX,give your permanent address,pin number,account number or credit card number...
ScaningScanning is basically use to scan local LAN and NETWORK It also motoring To all Input and output data packets and connections
• Angry IP Scanner• NetScan Tools• Unicorn scan• Nmap
Example : netstat –an
Session HijackingSession hijacking can be done at two levels:
• Network Level• Application Level.
Network layer hijacking involves TCP and UDP sessions, whereas Application level session hijack occurs with HTTP sessions. Successful attack on network level sessions will provide the attacker some critical information which will than be used to attack
application level sessions, so most of the time they occur together depending on the system that is attacked. Network level attacks are most attractive to an attacker because they do not have to be customized on web application basis; they simply attack the data flow of the protocol, which is common for all web applications