Spear Phishing – Simple, very effective and most prevalent social engineering hacking technique

Spear phishing is an attempt by a hacker to fraudulently obtain confidential information about a user by targeting a specific employee in order to gain access to information. While phishers are usually attempting to steal from the victim, spear phishers attempt to compromise the network and systems of the victim's company to steal corporate secrets, intellectual property, customer details and other valuable information. “Spear phishers play on people’s emotions, and often use curiosity, fear or the offer of a reward to arouse interest,” says Scott Greaux, a VP at anti-spear phishing training firm Phishme; the approach is made by email. Spear phishing exploits the weakest point in security, and that is us (people). As Bruce Schneier states, “People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.” It does so through social engineering: to deceive, manipulate and “influence to convince a human who has access to a computer system to do something, like click on an attachment in an e-mail.” ~ Kevin Mitnick.

Fig. I – Spear Phishing


“If you know the enemy and know yourself you need not fear the results of a hundred
battles.” – Sun Tzu, Ancient Chinese Strategist and Philosopher
The purpose of this study is to conduct a pen test on an Android-based tablet. The pen test
was implemented in a manner that simulated a malicious attacker engaging in a targeted
attack against the tablet, with the goal of pinpointing how an attacker could penetrate
the security features of an Android-based tablet. The assessment was conducted in accordance
with the recommendations outlined in the NIST SP 800-115 penetration testing guidelines.
The results of this assessment will be used by network administrators, information security
managers and information system auditors to make decisions on securing tablets
and Bring Your Own Device (BYOD) devices accessing the organization's network. All tests and
actions were conducted under controlled conditions, and a report was written with a detailed
explanation of the activities involved and the objective of the test.

Get a copy here