The VX-Files
The VX-Files
  • README.txt
  • For updates, questions, suggestions or just chatting: @malcrvz
  • Download your own local copy or check my other libre projects: Github/malcrvz
  • 📕Cybersecurity Theory
    • Index
      • Malware types
        • Viruses, worms and Trojans
        • Backdoors, Rootkits and Spyware
        • Botnets, DDoS and Spammer
        • Ransomware
        • Scareware and Adware/PUP/PUA
        • Downloaders and Launchers
        • Hacktool
        • APT - Advanced Persistent Threat
      • Social engineering techniques
        • Phishing
        • Pretexting
        • Baiting
        • Quid pro quo
        • Tailgating
      • Cryptography
        • Hash functions
        • Symmetric, Asymmetric and Hybrid cryptography
        • Digital signatures & Digital certificates
        • TLS Protocol
      • Pentesting methodology & Techniques
        • CIA Triad - Confidentiality, Integrity & Availability
        • The methodology steps
        • Pre-Engagement
        • Information Gathering
          • HTTP status codes
          • robots.txt
        • Vulnerability Assessment
        • Exploitation
          • Password cracking
        • Post-Exploitation & Persistence
          • Types of Shells
        • Privilege Escalation & Lateral Movement
        • Reporting & Remediation
  • 🐧Linux Essentials
    • Index
      • 1, 0, bits, Bytes: Units of digital information
      • User management
      • Packet management
      • Privileges & sudo
      • Passwd & Shadow files
      • Managing files, links and regex
      • find
      • Terminal/TTY
      • SSH
  • 🪟Windows Essentials
    • Index
      • CLI user management
      • CMD File management
  • 🌍Networking Essentials
    • Index
      • Windows CLI IP management
      • Linux IP management
      • Linux CLI Wi-Fi connection
  • 🕸️Network Pentesting
    • Tools
      • 1. Pre-Engagement
        • OpenVPN
      • 2. Information gathering
        • cURL & wget
        • Nmap
        • arp
        • Netcat
        • whatweb
      • 3. Vulnerability assessment
        • smbclient
      • 4. Exploitation
        • Metasploit
        • Hashcat
        • John the Ripper
      • 5. Post-Exploitation & Persistence
        • SSH
      • 6. Privilege escalation & Lateral movement
        • Possible privilege escalation vectors - Auto-enumeration scripts
      • 7. Reporting & Remediation
    • Techniques
      • Upgrade reverse shell to interactive
      • Transferring files to/from remote victim
      • Possible privilege escalation vectors - Manual checklist
    • Resources
      • Manufacturer default passwords lists
        • IP Cameras
      • Get Shells
  • 💉Web App pentesting
    • Tools
      • CeWL
      • Gobuster
      • whatweb
    • Techniques
      • Command injection
    • Resources
      • Reverse Shells
      • Bind Shells
  • 📡Wireless pentesting
    • Tools
    • Techniques
    • Resources
  • 🔓On-Premises Pentesting
    • Tools
    • Techniques
      • Removing Linux user passwords
      • Removing Windows user passwords
    • Resources
  • 💽Disks & Forensics
    • Index
      • Getting a disk ready
      • Inodes & Sectors
      • Recover deleted files
      • BUILDING - Secure file deletion
  • 🕷️Bash scripts
    • coming soon
  • ⚡PowerShell Scripts
    • coming soon
  • 🟩HTB Walkthroughs
    • coming soon
  • 🏴‍☠️External Resources
    • Schools
    • Books & Wikis
    • Utilities
    • Interactive cheat sheets
    • Wordlists
Powered by GitBook
On this page
  • Piggybacking
  • Keylogging
  • Dumpster Diving
  • Shoulder Surfing
  • Eavesdropping
  • Credit Card skimming
  • Bluetooth hacking
  1. Cybersecurity Theory
  2. Index
  3. Social engineering techniques

Tailgating

Refers to attacks where bad actors use real world manipulation techniques to gain access or data on victims. It involves being around the victim and using deception and psychological tricks to spy on the victim or use their person as a means to an end.

Piggybacking

Term coming from the analogy of someone riding in the back of another person. Bad actor will roleplay and even dress as an employee or service worker to gain access to a building by entering just behind a real authorized person, exploiting human trust and "not wanting to be impolite by not holding the door". People often don't suspect if they enter with enough confidence and even if its strange they will probably not want to be rude by asking.

Keylogging

Bad actors will manipulate a system to capture the keystrokes on a small hidden computer around. Often done on ATM machines by placing a fake keyboard over the real one and a card reader over the real one too, having both credit card number and PIN stored, the attacker will return in some time and retrieve the data.

Dumpster Diving

Bad actors will look for data on dumpsters around the target company. Overconfident companies will put papers containing tons of data over trash, not securely destroying them before. An attacker can even roleplay as a homeless person to pass unnoticed.

Shoulder Surfing

Bad actor will literally look over someone's shoulder, use binoculars, surveillance cameras or simply follow around a victim to steal data, for example the PIN introduced in a ATM machine or credentials on a smartphone.

Eavesdropping

Bad actor will try to remain as unnoticed as possible, even using disguises, to stay close to victims and eavesdrop data such as personal information that they will use later on more tailored attacks. Attacker could also plant listening devices around the victim premises or even in his personal belongings to listen even further and more private conversations.

Credit Card skimming

Bad actors use manipulated card devices to capture the data from the magnetic stripe of a credit card, posing for example as street vendors or charity organizations, unsuspecting victims will insert the card into the compromised device and then later, the attacker will use this information to make transactions into crypto accounts or exploit credit card systems into buying lots of small things that will not ask for a PIN.

Bluetooth hacking

Bad actors will exploit vulnerabilities in the Bluetooth protocol to steal data from the victim, by creating a fake device to connect. Once connected, the exploit will automatically execute and the attacker will exfiltrate the data.

Last updated 1 year ago

📕