Chapter 8. Exploiting the Client Using Attack Frameworks
Even though organizations have been investing in technologies and skills to secure their business, they are still successfully being attacked. Social engineering is a technique that is used to penetrate into even the most secure environments. Vulnerable employees are often chosen to circumvent various defences that the organization might have deployed. Social engineering and client-side attack vectors are the major driving forces for the new breed of attacks known as Advance Persistent Threats (APT). Targeting the user of a particular organisation is often used as a stepping stone to gain further access inside the organization and is used in all the major APTs discovered in the recent past.
Since in security you are only as strong as your weakest link, employees have become perfect targets to execute an attack. Social engineering attacks provide great value for time and resources you invest in executing the attack. A simple example...
