Keiran
5 Min Security: Popular Phishing Techniques in 2017/2018
This article is for non-technical people who want to keep themselves and their companies safe from realistic threats. Short and sweet.
In 2017 we saw a number of phishing techniques used successfully. This was largely due to the release of a handful of highly effective methods which are still being used. In this article we’ll cover what these are.
Dynamic Data Exchange (DDE) Payloads – CVE-2017-0199 / CVE-2017-8759 A technique that results in remote access without the use of macros. DDE is a protocol in MS Office products which allows applications to share data between each other. Some functions provided by this protocol allow the execution of commands, which can be abused by attackers to download malware.
Pentesting Enterprise Infrastructure – Journeyman Level
Sophisticated attacks aim to hide from endpoint solutions
Advanced hacking.
Expert approaches
We are inundated by advanced this, expert that, when it comes to hacking and hacking training. When a breach occurs, the media portray it as some epic hack that mere mortals would struggle to comprehend, when in reality it’s actually a run of the mill SQLi attack. Often it’s not advanced, but makes use of a series of vulnerabilities chained together, using Tactics, Techniques and Procedures (TTP) often used by attackers when owning networks.
Page 1 of 1