The VX-Files
  • For updates, questions, suggestions or just chatting: @malcrvz
  • Download your own local copy or check my other libre projects: Github/malcrvz

Baiting

Baiting involves the use of enticing offers, promises or deceptive scenarios to lure victims into a trap. The goal is to exploit human psychology and curiosity to make people more susceptible to manipulation.

USB drop attack

Bad actors drop a USB drive loaded with malware on the ground and wait for somebody to pick it up and plug it into a system out of curiosity. In a tailored attack, the drive is dropped in the victim's surroundings.


Fake WiFi Hotspot

Bad actors create a fraudulent Wi-Fi hotspot that offers free internet access with no password. Data traveling through this hotspot is captured, and the actor can also execute man-in-the-middle attacks: spoofing, altering or injecting malicious content into the communications between the victim and the internet.


Evil Twin Attack

Similar to the fake Wi-Fi hotspot: bad actors create a free-for-all hotspot, but one that mimics a legitimate entity, for example a restaurant. The term "evil twin" is used because the rogue access point is essentially a duplicate "twin" of the legitimate network. Unsuspecting users will have their internet traffic captured or even manipulated by a man-in-the-middle attack.


QR Code scam

Bad actors stick posters with QR codes near the victim, or just at random, with a fake enticing lure. The link in the QR code sends victims to a malicious website.


Social Media scam

Refers to any baiting or scam carried out through social media platforms, the most common venue because it offers practically infinite victims from all around the world. The bad actor uses a fake profile to deploy scams while their real identity remains hidden.


Free gift scam

Bad actors send victims fake gift emails, notices, cards, etc., manipulating them into believing they won something and that they need to enter their data to claim it, or simply luring them to a malicious link to receive the gift.


Black Hat SEO

Bad actors use unethical Search Engine Optimization (SEO) techniques to place their malicious website at the top of search engine results and gain victims, as people will always trust the first links more. They can also manipulate ad placement in systems such as Google Ads, since ads appear first.

Last updated 1 year ago
