Please enable JavaScript.
Coggle requires JavaScript to display documents.
Pen test Plan (Attacks & Exploits) (Network-Based Exploits: (DNS…
Pen test Plan (Attacks & Exploits)
Phishing:
Legitimate Impostor
Spear Phishing
One Target
Good for attacking companies
Very Specific
Contacted by email (Usually)
Whaling
A Larger Scale phishing attack
Large organisations
MITM Attack:
ARP?
Evil Twin?
DNS?
Pass the Hash?
Network-Based Exploits:
NET BIOS?
LLMNR?
DNS Poisoning
ARP Poisoning
Overall Port exploits
SMB exploit
SMTP exploit
Social Engineering:
Willingness
Human Error
Tricking people
Impersonation
Shoulder Surfing
Wireless Exploits:
Karma Attack
Downgrade Attack
WPS implementation Attacks
Fragmentation Attack
Credential Harvesting
Bluetooth Exploits:
Blue-Snarfing
RFID Attacks (Contact less/Radio Frequency/Copying of Signals/etc)
Blue-Jacking?
Jamming:
DDOS/DOS Attack
Repeating
Not Stealthy
Local Host Exploits
CVE
SGID
SUID
Application Attacks:
Injection:
SQL
XSS
HTML
Code
Command
File Intrusion
CSRF
Clickjacking
Session Hijacking
Credential Brute-Forcing
Weak Credentials
Privilege Escalation
Physical Security
Shoulder surfing
Piggybacking
Fence Jumping
Dumpster Diving
Lock Picking