Attack Hacking 101

Hardware Attacks

There are some attacks that you can use to test the physical security of the target’s hosts, rather than testing them from a purely virtual space. Note that these tests are technical in nature, and usually involve vulnerabilities in how the host’s hardware is configured. Also, these attacks are not OS-specific—because they are hardware-based, they […]


Specialized Systems

Mobile Devices Mobile devices, particularly smartphones and tablets, are an important tool in many organizations. In today’s world, an employee’s mobile device might be just as attractive to an attacker because it can hold sensitive company data and private personal data, not to mention its usefulness as an authentication mechanism. Therefore, it may be in […]


Common Attack Techniques

The specific attacks a pen test team chooses will depend on the target environment. However, there are common attacks that every chief information security officer (CISO) should worry about. These include: Social engineering, including phishing and malware distribution Injection attacks, including SQL injection, cross-site scripting (XSS), cross-site request forgery (XSRF), and directory traversal Denial of […]