Gain insights into web app vulnerabilities and attack methods, delve into penetration testing with Kali Linux, and explore tools for enhancing information security using Python, web tech, and network management.

webpen.tar.gz

shodan_api

Wireshark

chrome

Burp

frog

proxychains

encoder

setoolkitChrome

chromeShark

juiceshop

BurpChrome

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. 

You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. 

Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

Web Application Penetration Testing

# Overview

When people mention social engineering, they're generally thinking of phishing, especially with emails. There are a lot of other vectors that can be used as well. After going through the general process of a phishing attack, we'll take a deeper look at some common strategies adversaries use when employing it.

# The phishing process

Let's  go through how a phishing attack typically works:

1. The adversary creates a fraudulent website, email, or some other communication channel that appears to be both legitimate and trustworthy.

2. The adversary sends the fake or fraudulent channel to the victim either directly, through spam, through a targeted email or messaging campaign, or by pretending to be a service that the target uses frequently.

3. The victim falls for the adversary's trick and is persuaded to do the ill-intended action, such as clicking on a malicious link or giving personal information in a fake form.

4. The adversary collects the victim's sensitive information, which can then be used to access their accounts or masquerade as them for other attacks.

# Phishing strategies

There are numerous different types of phishing attacks. The aim of some is to lead to other attacks, while others are just for simple credential harvesting. In the real world, a sophisticated adversary is often found using phishing vectors in conjunction with other attacks to truly get to the depths of a target network or system.

Depending on the target, adversaries may employ different strategies for phishing. Let's take a look at some common ones.

## Mass phishing

An example of **mass phishing** is where one email with malicious content is sent to several users within a network. The adversary hopes that at least one user will fall for the trap and interact with the malicious content. After this, the adversary can simply and quickly harvest their victim's information.

The idea here is that the malicious email is supposed to look like it's come from a trusted source, thereby tricking the victims. A common tactic is to pretend to be from the target's IT department and aim for less tech-savvy victims.

## Spear phishing

**Spear phishing** is simply targeted phishing. Instead of employing the use of mass email or messaging campaigns, the adversary conducts detailed research on specific targets and generates an email or message to trick them.

## Whaling

**Whaling** is simply spear phishing, but the target is way more important, and the stakes are much higher. In the context of this strategy, CEOs, CFOs, and other executives are known as **whales**.

Whales are expected to have extensive training against phishing, so in-depth recon is generally required to successfully trick them. A common tactic is to first spear phish a target close to a whale and then use that target's data to trick the whale.

## Pharming

**Pharming** is an attack in which the adversary modifies the DNS server's mapping of domain names to IP addresses in order to divert users away from trustworthy websites onto malicious ones. Pharming depends less on the victim taking any action, such as hoping they click on malicious links, making them more sophisticated and difficult to spot. However, for basic pharming attacks to work successfully, the adversary already needs to have access to the target's system.

Assuming that the IP address of the attacker's malicious website is 172.18.34.21, a brief example of pharming is modifying the `/etc/hosts` file to have google.com point to the aforementioned IP address instead.

# Tools used in phishing

There are many different tools out there that can help attackers carry out phishing attacks. Some tools and services even teach users how to avoid phishing attempts. We've demonstrated the use of one such tool, the Social-Engineer Toolkit (SET), and here are a few more:

- **KnowBe4:** [KnowBe4](https://www.knowbe4.com/) offers tools and services that help organizations simulate a variety of social engineering attacks, including phishing. They provide reports on employee susceptibility and offer training to help educate employees on identifying and preventing phishing attacks.
- **Metasploit:** This is a tool that allows users to perform a variety of attacks, including phishing attacks. Security professionals primarily use it to test the security of their organizations, largely because it comes loaded with many scripts, mini-tools, and a database of exploits that can be utilized in a few keypresses.
- **Gophish:** This is an open-source toolkit that allows users to test how secure their organization is from phishing attacks.

Learn about the different types of phishing attacks, how to carry them out, and what tools can be used to assist in the process.

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

A Deeper Look at Phishing

Overview