EH Ch - 5
Social Engineering
- Non-technical technique used to manipulate people
- Exploits human behavior rather than system flaws
- Common entry point for many cyber attacks
Goals of Social Engineering
- Steal login credentials
- Trick users into installing malicious software
- Gain unauthorized access to systems or finances
Common Social Engineering Techniques
- Elicitation through casual conversation
- Pretexting using false identities or scenarios
- Building trust to influence decisions
Phishing and Online Attacks
- Phishing via email and messages
- Spear phishing targets specific individuals
- Whaling focuses on high-value targets
Tools, Threats, and Defense
- Tools: SET (Social-Engineer Toolkit) and BeEF (Browser Exploitation Framework)
- Use of social media for impersonation
- Defense through awareness, detection, and user education
Phases of a Social Engineering Attack
- Social engineering relies more on human interaction than technical skill
- Attacks follow a structured sequence of phases
Research Phase
- Gather information about the target organization
- Sources include websites, social media, conversations, and dumpster diving
- Used to understand people, roles, and systems
Target Selection Phase
- Choose individuals with access to useful information
- Common targets include communication or support staff
- Research and selection may repeat
Relationship Building Phase
- Establish trust or rapport with the target
- Can be quick (phishing) or long-term (impersonation)
- Target believes attacker is legitimate
Exploitation Phase
- Extract sensitive data like credentials or network details
- May also involve financial manipulation or fraud
Social Engineering Attack Techniques
- Social engineering attacks are classified into:
- Physical-based
- Electronic-based
Physical-Based Social Engineering
- Involves face-to-face interactions
- Attacker gains trust by:
- Appearing authoritative
- Exploiting habits, goodwill, or routine behavior
- Used to collect sensitive information
Pretexting
- Attacker adopts a false identity or authority
- Often involves urgency and impersonation
- Common examples:
- Utility workers
- Police or fire officials
- Victims comply due to respect for authority
Eavesdropping & Shoulder Surfing
- Eavesdropping: Secretly listening to conversations
- Can occur in offices, public places, or online meetings
- Shoulder surfing: Observing sensitive information on screens
- Common in cafés, airports, or public transport
Dumpster Diving
- Searching trash for sensitive information
- Items found may include:
- Documents
- Invoices
- Old hardware
- Often opportunistic but still effective
Piggybacking / Tailgating
- Unauthorized person gains access via a legitimate user
- Relies on politeness and trust
- Common excuses:
- “I forgot my badge”
- “I’m new here”
- Leads to physical access to systems or data
Electronic-Based Social Engineering
- Exploits trust and believability through digital communication
- Targets users via email, phone, messages, and websites
- Relies on deception rather than technical hacking
Phishing
- Fraudulent emails or messages posing as trusted sources
- Victims are tricked into:
- Entering credentials
- Clicking malicious links
- Opening attachments
- Common lures: account warnings, delivery notices, payments
Common Phishing Techniques
- Spoofed sender: Forged From display name or address so the mail appears to come from a trusted party
- Malicious links: Fake login pages
- QR code phishing: Redirects to credential-harvesting sites
- Email attachments: Documents containing malware or links
Advanced Phishing Attacks
- Spear phishing: Targets specific individuals or organizations
- Whaling: Targets executives or high-profile individuals
- Angler phishing: Fake customer support on social media
- Watering hole attack: Trusted websites the targets are known to visit are compromised to serve malware
Scareware
- Fake security alerts or pop-ups
- Claims system is infected or at risk
- Tricks users into installing malware
Impersonation Attacks
- Attacker pretends to be:
- Executives
- IT support
- Service technicians
- Uses urgency and authority to pressure victims
- Often results in financial fraud
Common Impersonation Scams
- 419 scam (advance-fee fraud): Fake inheritance or money transfer that requires an upfront fee
- Baiting: Free downloads or rewards
- Honey traps: Romance and dating scams
Phone-Based Social Engineering
- Manipulates victims via phone or voice messages
- Exploits fear, trust, or urgency
- Targets individuals and organizations
Smishing and Vishing
- Smishing: SMS-based phishing messages
- Vishing: Voice or VoIP scam calls
- Often impersonate banks, government, or support teams
Business Email Compromise (BEC)
- Attacker takes over, or convincingly spoofs, a legitimate business email account
- Used for:
- Wire fraud
- Data theft
- Malware distribution
- Includes account compromise and email thread hijacking
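The indicators listed under Common Phishing Techniques and Business Email Compromise (spoofed display name, link text that does not match the link target, look-alike domains, a Reply-To steering replies elsewhere) can be checked mechanically. The following is an added example, not material from these notes or from any product; the trusted domain `corp.example`, the sample message and the look-alike heuristic are all assumptions made for the demo.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed internal domain for this example; a real deployment reads it from config.
TRUSTED_DOMAIN = "corp.example"

# Constructed sample message (invented headers and body, not a real phish).
SAMPLE_EML = """\
From: "helpdesk@corp.example" <alerts@corp-example.support>
Reply-To: "Finance" <ceo.corp.example@webmail.example>
To: jdoe@corp.example
Subject: URGENT: your password expires in 2 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your password expires today. Sign in now:
<a href="http://corp-example.support/sso/login">https://sso.corp.example/login</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain, trusted=TRUSTED_DOMAIN):
    """Heuristic (assumed): reuses the trusted name but is neither the domain nor a subdomain."""
    if not domain or domain == trusted or domain.endswith("." + trusted):
        return False
    return trusted.split(".")[0] in domain


def analyse(raw, trusted=TRUSTED_DOMAIN):
    """Return a list of (code, detail) findings for one RFC 822 message."""
    msg = email.message_from_string(raw)
    findings = []
    display, sender = parseaddr(msg.get("From", ""))
    sender_dom = domain_of(sender)

    # Spoofed name: an address-looking display name whose domain is not the real sender's
    for shown in re.findall(r"[\w.+-]+@[\w.-]+", display):
        if domain_of(shown) != sender_dom:
            findings.append(("display-name-mismatch", f"{shown} shown, sent by {sender}"))

    # BEC / thread hijack: replies are steered to a different domain than the sender
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_dom:
        findings.append(("reply-to-mismatch", f"From {sender_dom}, Reply-To {domain_of(reply_to)}"))

    if is_lookalike(sender_dom, trusted):
        findings.append(("lookalike-sender", sender_dom))

    # Malicious links: visible URL text pointing somewhere else, or a look-alike host
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = urlparse(href).netloc.lower()
        if text.startswith(("http://", "https://")):
            text_host = urlparse(text).netloc.lower()
            if text_host != href_host:
                findings.append(("link-text-mismatch", f"shows {text_host}, goes to {href_host}"))
        if is_lookalike(href_host, trusted):
            findings.append(("lookalike-link", href_host))
    return findings


if __name__ == "__main__":
    for code, detail in analyse(SAMPLE_EML):
        print(f"{code:22s} {detail}")
```

Each check maps to one bullet above: the display-name test catches spoofed senders, the Reply-To test catches the redirection used in thread hijacking, and the link test catches a fake login page hidden behind a genuine-looking URL. The look-alike check is deliberately simple; production filters use confusable-character tables and registered-domain lists instead.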
Hacking Databases
• Databases store sensitive business and user data
• Compromise leads to privacy breaches, financial loss, reputational damage
• Attackers target databases for maximum impact and profit
Why Databases Are Prime Targets
• Designed for efficient data storage and retrieval
• Elevated privileges allow data theft and manipulation
• Malicious content can be injected into stored data
• Privilege escalation often starts from weak applications or internal systems
Common Attack Paths
• SQL Injection through vulnerable input fields
• Compromising internal machines behind the firewall
• Using trusted internal access to reach database servers
• Lateral movement to gain full database control
Finding Databases on the Network
• Databases may be internet-facing or internal
• Identifying database servers is the first attack step
Internet-Exposed Databases
• Full internet scanning is inefficient
• Shodan helps locate publicly exposed database services quickly
Internal Network Discovery
• Used after perimeter compromise
• Enumeration tools identify hosts, ports, and services
• Helps locate internal database servers
Using Nmap for Database Detection
• Scans default database ports
• MSSQL – 1433
• MySQL – 3306
• PostgreSQL – 5432
• MongoDB – 27017
• Elasticsearch – 9200 (HTTP) and 9300 (transport)
• Cassandra – 9042
• Oracle (TNS listener) – 1521
• DB2 – 50000
Nmap Scripts and Scanning
• Uses NSE database detection scripts, for example:
• mysql-info.nse
• ms-sql-info.nse
• oracle-sid-brute.nse
• db2-das-info.nse (DB2 administration server)
• Scripts are selected with the --script option (comma-separated names, or a category such as --script default), usually together with -sV so the service banner is also captured
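Added example, not from these notes: the scan command assembled from the port and script lists above, and a parser for nmap's grepable (-oG) output that keeps only open database ports. The port map, the extra Oracle and DB2 entries, and the sample scan output (invented hosts) are assumptions for the demo; the -oG field layout (port/state/protocol/owner/service/rpcinfo/version/) is nmap's own.

```python
# Default ports for the database services the notes list; Oracle and DB2 are
# included because their NSE scripts are referenced (assumed for this example).
DB_PORTS = {
    1433: "mssql", 3306: "mysql", 5432: "postgresql", 27017: "mongodb",
    9200: "elasticsearch-http", 9300: "elasticsearch-transport",
    9042: "cassandra", 1521: "oracle-tns", 50000: "db2",
}
DB_SCRIPTS = ["mysql-info", "ms-sql-info", "oracle-sid-brute", "db2-das-info"]


def build_nmap_command(targets, output="db-scan.gnmap"):
    """argv for a version scan of the database ports, saved in grepable format."""
    return [
        "nmap", "-sV", "-Pn",
        "-p", ",".join(str(p) for p in sorted(DB_PORTS)),
        "--script", ",".join(DB_SCRIPTS),
        "-oG", output, *targets,
    ]


# Constructed -oG output (invented hosts). Fields are tab-separated; each port entry is
# port/state/protocol/owner/service/rpcinfo/version/
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Wed May  1 10:00:00 2024 as: nmap -sV -oG db-scan.gnmap 10.0.0.0/24
Host: 10.0.0.5 (db01.corp.example)\tStatus: Up
Host: 10.0.0.5 (db01.corp.example)\tPorts: 3306/open/tcp//mysql//MySQL 8.0.36/, 1433/filtered/tcp//ms-sql-s///\tIgnored State: closed (997)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.9 ()\tPorts: 5432/open/tcp//postgresql//PostgreSQL DB 9.6.0 or later/, 27017/open/tcp//mongod///\tIgnored State: closed (998)
Host: 10.0.0.12 ()\tStatus: Up
Host: 10.0.0.12 ()\tPorts: 3306/closed/tcp//mysql///\tIgnored State: filtered (998)
# Nmap done at Wed May  1 10:01:00 2024 -- 256 IP addresses (3 hosts up) scanned
"""


def parse_gnmap(text):
    """Map each host to its open database ports as (port, service, version)."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next((f for f in fields if f.startswith("Ports: ")), None)
        if ports_field is None:
            continue  # the "Status: Up" line carries no port data
        for entry in ports_field[len("Ports: "):].split(", "):
            parts = entry.split("/")
            port, state, service, version = int(parts[0]), parts[1], parts[4], parts[6]
            if state == "open" and port in DB_PORTS:
                found.setdefault(host, []).append((port, service, version))
    return found


if __name__ == "__main__":
    print(" ".join(build_nmap_command(["10.0.0.0/24"])))
    for host, ports in parse_gnmap(SAMPLE_GNMAP).items():
        for port, service, version in ports:
            print(f"{host}:{port} {service} {version}")
```

Only open ports are kept; filtered results (a firewall is dropping the probe) and closed ports are noise for this purpose. On a real network the same parser runs over the file nmap writes with -oG, with no change to the code.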
Discovering Databases with SQLmap
• Fingerprints the backend DBMS (MySQL, MSSQL, PostgreSQL, Oracle, and others) sitting behind an injectable web parameter
• Automates detection and exploitation of SQL injection, then enumerates databases, tables, columns, and rows
• Supports multiple database platforms and injection techniques (boolean-based, error-based, UNION, time-based)
• Needs an already-identified target URL or request; it does not scan the network for database servers
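What sqlmap automates is visible in a few lines. The following is an added example, not sqlmap's code and not from these notes: a deliberately vulnerable search function beside its parameterised fix, the boolean-based true/false probe used to detect injection, and a UNION payload that pulls credentials out of another table. The in-memory SQLite schema and its rows are constructed for the demo.

```python
import sqlite3


def build_db():
    """Constructed in-memory schema standing in for a web app's backend database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users(username, password) VALUES ('alice', 's3cret'), ('bob', 'hunter2');
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products(name, price) VALUES ('widget', 9.99), ('gadget', 19.99);
    """)
    return conn


def search_vulnerable(conn, term):
    """Deliberately vulnerable: user input is spliced into the SQL text."""
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """Same query with a bound parameter; input can never change the statement."""
    return conn.execute(
        "SELECT name, price FROM products WHERE name LIKE ?", (f"%{term}%",)
    ).fetchall()


def looks_injectable(search):
    """Boolean-based probe of the kind sqlmap automates: the same input with a
    TRUE and a FALSE condition appended must produce different results."""
    return search("widget' AND 1=1 --") != search("widget' AND 1=2 --")


# Classic UNION payload: the comment marker discards the closing quote and wildcard.
UNION_PAYLOAD = "' UNION SELECT username, password FROM users --"


if __name__ == "__main__":
    db = build_db()
    print("vulnerable injectable:", looks_injectable(lambda t: search_vulnerable(db, t)))
    print("safe injectable:     ", looks_injectable(lambda t: search_safe(db, t)))
    print("leaked via UNION:    ", search_vulnerable(db, UNION_PAYLOAD))
    print("same payload, safe:  ", search_safe(db, UNION_PAYLOAD))
```

The probe is the whole basis of sqlmap's boolean-based detection: if appending `AND 1=1` and `AND 1=2` changes the page, the input reaches the SQL parser. With the parameterised version both probes return nothing, because the quote and the comment marker are just characters inside the LIKE pattern.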
Exploring databases
Types of Databases
• Relational Database: Data is stored in tables with keys and relationships between tables. A common example is linking customer data with orders using a customer ID.
• Distributed Database: Data is spread across multiple network locations and kept consistent using replication.
• Object-Oriented Database: Data is stored as objects, similar to object-oriented programming concepts, combining data and behavior.
Database Structures
• Record: A collection of related data items treated as a single unit.
• Column: Represents a single data attribute, such as age, status, or location.
• Row: A single entry or line of data within a table, made up of multiple columns.
Network-Based Database Attacks
• These attacks target databases by exploiting weaknesses in the network infrastructure.
• Attackers focus on misconfigurations, insecure architectures, and vulnerable protocols.
• Goals include unauthorized access, data theft, and disruption of database services.
Network-Based Attacks – Listeners & Protocols
• Databases use network listeners to accept client connections (e.g., Oracle, MS SQL, MySQL).
• Attackers probe listeners for buffer overflows, DoS flaws, connector issues, and injections.
• Common listening ports exposed to the internet are heavily scanned.
• Database wire protocols (TDS for MS SQL Server, TNS for Oracle, the MySQL and PostgreSQL protocols) and the transports they ride on (TCP, named pipes over NetBIOS/SMB, MS-DCOM, HTTP/HTTPS for REST-style stores) may contain implementation flaws that enable exploitation.
Database Engine Faults and Bugs
• The database engine processes queries and commands from users and applications.
• It is the most complex component, making it a common source of vulnerabilities.
• Bugs can exist due to design flaws or poor input handling.
Database Engine Faults and Bugs – Impact
• Vulnerabilities include improper user validation and buffer overflows.
• Such flaws may cause the database to return unauthorized data.
• In severe cases, attackers can gain full control over the database engine.
Brute-Force Attacks on Credentials
• Compromised credentials are one of the easiest ways to access databases.
• Once a password is guessed the attacker's logins look like a legitimate user's, so detection has to happen at the failed-attempt stage, before the guess succeeds.
• Weak or default passwords significantly increase risk.
Misconfigurations
Database security requires continuous maintenance, monitoring, and vulnerability management. Poor configuration practices by administrators or developers often create serious security gaps. Documentation and automation help track changes and reduce human error.
Excessive Services and Privileges
• Using database servers to run extra services like web servers increases attack surface.
• Granting users and service accounts more privileges than necessary violates least-privilege principles.
• Such practices are more commonly observed in Windows-based environments.
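Added example, not from these notes: a least-privilege audit over the output of MySQL's SHOW GRANTS, flagging ALL PRIVILEGES, server-level privileges such as FILE and SUPER, grants at the global `*.*` scope, and WITH GRANT OPTION. The three accounts and their grants are constructed for the demo; the statement syntax is MySQL's own, in both the backtick and single-quote identifier styles the server emits.

```python
import re

# Constructed SHOW GRANTS output for three accounts (invented for this example).
SAMPLE_GRANTS = """\
GRANT USAGE ON *.* TO `app`@`%`
GRANT ALL PRIVILEGES ON *.* TO `app`@`%` WITH GRANT OPTION
GRANT USAGE ON *.* TO `report`@`10.0.0.%`
GRANT SELECT ON `shop`.* TO `report`@`10.0.0.%`
GRANT SELECT, FILE ON *.* TO 'etl'@'%'
"""

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<account>\S+)(?P<rest>.*)$"
)
# Privileges that act on the server rather than on a schema; an application
# account almost never needs them.
SERVER_LEVEL = {"SUPER", "FILE", "PROCESS", "SHUTDOWN", "RELOAD", "CREATE USER"}


def audit_grants(dump):
    """Return {account: [finding, ...]} for every account in a SHOW GRANTS dump."""
    findings = {}
    for line in dump.splitlines():
        m = GRANT_RE.match(line.strip())
        if not m:
            continue
        account = re.sub(r"[`']", "", m["account"])
        report = findings.setdefault(account, [])
        privs = [p.strip().upper() for p in m["privs"].split(",")]
        scope = m["scope"]
        if "ALL PRIVILEGES" in privs or "ALL" in privs:
            report.append(f"ALL PRIVILEGES on {scope}")
        for p in privs:
            if p in SERVER_LEVEL:
                report.append(f"server-level privilege {p}")
        # USAGE on *.* is the no-privilege placeholder MySQL always lists; ignore it.
        if scope == "*.*" and privs != ["USAGE"]:
            report.append(f"global scope *.* for {', '.join(privs)}")
        if "WITH GRANT OPTION" in m["rest"].upper():
            report.append("can grant its privileges to others")
    return findings


if __name__ == "__main__":
    for account, report in audit_grants(SAMPLE_GRANTS).items():
        print(account, "-> OK" if not report else "")
        for item in report:
            print("   ", item)
```

Of the three accounts only `report` passes: SELECT on one schema, from one subnet. The `app` account is the pattern the bullet above describes, and `etl` shows why FILE deserves its own rule: it lets the account read and write files on the server host regardless of what schemas it can see.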
Insecure Settings and Weak Controls
• Allowing insecure protocols or unrestricted API access exposes databases to misuse.
• Failure to use built-in security features, such as limiting failed login attempts, weakens defense.
• Not enforcing password complexity enables easy credential compromise.
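The failed-login stage mentioned under Brute-Force Attacks on Credentials, and the failed-attempt limit mentioned just above, both turn on the same signal: repeated rejections from one source in a short window. Added example, not from these notes: a detector over MySQL 8 error-log lines that separates brute force (one account, many tries) from password spraying (many accounts, one source). The log lines, hosts and times are constructed; the MY-010926 "Access denied for user" line format is the server's.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed MySQL 8 error-log excerpt (invented hosts and times).
SAMPLE_LOG = """\
2024-05-01T10:00:00.000000Z 0 [System] [MY-010931] [Server] /usr/sbin/mysqld: ready for connections.
2024-05-01T10:00:01.000000Z 12 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2024-05-01T10:00:05.000000Z 13 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2024-05-01T10:00:09.000000Z 14 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2024-05-01T10:00:13.000000Z 15 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2024-05-01T10:00:17.000000Z 16 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2024-05-01T10:00:21.000000Z 17 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.7' (using password: YES)
2024-05-01T10:05:00.000000Z 20 [Warning] [MY-010926] [Server] Access denied for user 'root'@'10.0.0.9' (using password: YES)
2024-05-01T10:05:10.000000Z 21 [Warning] [MY-010926] [Server] Access denied for user 'admin'@'10.0.0.9' (using password: YES)
2024-05-01T10:05:20.000000Z 22 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.9' (using password: YES)
2024-05-01T10:05:30.000000Z 23 [Warning] [MY-010926] [Server] Access denied for user 'backup'@'10.0.0.9' (using password: YES)
2024-05-01T10:05:40.000000Z 24 [Warning] [MY-010926] [Server] Access denied for user 'report'@'10.0.0.9' (using password: YES)
2024-05-01T10:10:00.000000Z 30 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.3' (using password: YES)
2024-05-01T10:12:00.000000Z 31 [Warning] [MY-010926] [Server] Access denied for user 'app'@'10.0.0.3' (using password: NO)
"""

DENIED_RE = re.compile(
    r"^(?P<ts>\S+) \d+ \[Warning\] \[MY-010926\] \[Server\] "
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)


def parse_failures(log):
    """(timestamp, user, source host) for every rejected login, oldest first."""
    events = []
    for line in log.splitlines():
        m = DENIED_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
            events.append((ts, m["user"], m["host"]))
    return sorted(events)


def detect_guessing(events, window=timedelta(seconds=60), threshold=5):
    """Largest burst of failures per source host inside a sliding window.
    One account hit repeatedly is brute force; several accounts hit from the
    same source is password spraying. Returns {host: (kind, count, users)}."""
    by_host = defaultdict(list)
    for ts, user, host in events:
        by_host[host].append((ts, user))
    findings = {}
    for host, evs in by_host.items():
        start, best = 0, []
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # drop events that fell out of the window
            if end - start + 1 > len(best):
                best = evs[start:end + 1]
        if len(best) >= threshold:
            users = sorted({u for _, u in best})
            kind = "password-spray" if len(users) > 1 else "brute-force"
            findings[host] = (kind, len(best), users)
    return findings


if __name__ == "__main__":
    for host, (kind, count, users) in detect_guessing(parse_failures(SAMPLE_LOG)).items():
        print(f"{host}: {kind}, {count} failures in 60s, accounts {users}")
```

The host `10.0.0.3` produces two failures two minutes apart and is correctly ignored; a single mistyped password is not an attack. The same threshold can be enforced by the server itself (MySQL's connection_control plugin, for instance), which is the "limit failed login attempts" control the bullet above refers to; the log-side detector is still needed, because a spray stays under any per-account limit by design.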
Monitoring and Production Risks
• Poor query control can lead to excessive CPU usage and database crashes.
• Auditing features left disabled reduce visibility into attacks and misuse.
• Development settings left active in production environments create critical vulnerabilities.