Social Engineering
Social engineering → psychological manipulation technique used to trick people into revealing sensitive information or performing actions by exploiting trust, fear, urgency, or authority rather than technical vulnerabilities.
Impersonation
Impersonation → social engineering attack where an attacker pretends to be a trusted individual such as an employee, vendor, executive, or authority figure to gain access or information.
Phising
Phishing → message-based social engineering attack using emails that appear legitimate to steal credentials, deliver malware, or redirect victims to fake websites.
Vishing
Voice phishing (Vishing) → social engineering attack conducted over phone calls where attackers impersonate trusted organizations to extract sensitive information.
Smishing
Short message service phishing (Smishing) → social engineering attack delivered through text messages that use malicious links or urgent language to trick users into taking action.
Business Email Compromise
Business email compromise → targeted phishing attack where attackers impersonate executives or vendors to fraudulently request wire transfers, gift cards, or sensitive data.
Watering Hole Attack
Watering hole attack → social engineering technique where attackers compromise a website frequently visited by a specific group to infect users with malware or steal credentials.
Misinformation/Disinformation Attacks
Misinformation and disinformation attacks → deliberate spread of false or misleading information to manipulate opinions, influence behavior, or undermine trust, commonly seen in political and social campaigns.
Brand Impersonation Attacks
Brand impersonation attacks → social engineering attacks that mimic trusted brands using fake emails, websites, or messages to trick users into revealing credentials or financial information.
-
Security Controls10
-
The CIA Triad & Non-Repudiation8
-
AAA & Gap Analysis10
-
Zero Trust12
-
Physical Security8
-
Deception & Disruption4
-
Change Management9
-
Technical Change Management9
-
Public Key Infrastructure & Encrypting Data24
-
Key Exchange & Encyption Technology10
-
Obfuscation8
-
Hashing & Digital Signatures9
-
Digital Certificates12
-
Threat Actors8
-
Common Threat Vectors12
-
Common Social Engineering Attacks9
-
Application & Memory-Based Attacks9
-
SQL Injections & Cross-site Scripting6
-
Operating System & Hardware Vulnerabilities7
-
Virtualization & Cloud-specific Vulnerabilities10
-
Supply Chain & Misconfiguration Vulnerabilities10
-
Mobile Device & Zero-day Vulnerabilities7
-
An Overview of Malware14
-
Viruses, Worms, Spyware & Bloatware10
-
Other Malware Types & Physical Attacks9
-
Denial of Service & DNS Attacks10
-
Wireless & On-Path Attacks:6
-
Replay Attacks & Malicious Code9
-
Cryptographic & Password Attacks8
-
Indicators of Compromise10
-
Segmentation, Access Control & Mitigation Techniques10
-
Hardening Techniques10
-
Cloud Infrastructures9
-
Network Infrastructure Concepts14
-
Infrastructure Considerations15
-
Intrusion Prevention7
-
Network Appliances & Port Security16
-
Firewall Types & Secure Communication11
-
Data Types & Classifications12
-
States of Data & Protecting Data14
-
Resiliency9
-
Capacity Planning, Backups & Recovery Testing9
-
Infrastructure Hardening & Secure Deployment11
-
Wireless Security Settings11
-
Application Security7
-
Asset Management, Vulnerability Scanning & Threat Intelligence14
-
Penetration Testing & Analyzing Vulnerabilities14
-
Vulnerability Remediation & Security Monitoring10
-
Security Tools10
-
Secure Protocols, OS & Email Security15
-
Monitoring Data & Endpoint Security13
-
Identity & Access Management8
-
Access Controls10
-
Incident Response & Planning10
-
Digital Forensics & Log Data17
-
Security Policies, Standards, Procedures & Considerations12
-
Data Roles, Risk Analysis & Management Strategies14
-
Business Impact Analysis & Agreement Types15
-
Compliance, Privacy, Audits & Assessments11
-
Penetration Testing, Security Awareness & User Training10
