7 Steps of Hacking
Social Engineering Techniques
Phishing
OSINT
Mitigating the Human Risk
100

The step when you use a combination of tools and techniques to create a full profile of an organization and its security posture.

Recon/Footprinting

100

When you find discarded papers that might contain confidential information.

Dumpster Diving

100

The cause of the majority of security breaches. (67% or more)

Phishing

100

The meaning of the acronym OSINT.

Open-Source Intelligence Tools

100

To minimize the risk of something taking place.

Mitigate

200

The step when you use the security posture of the device to enter into a system.

Gaining Access

200

When you get into a restricted space by following another person.

Piggybacking

200

One of the first and most prolific scams.

Nigerian Prince Letter

200

The 3 criteria required to count as OSINT.

Free, Public, Legal

200

The desired behavior for a user in a company.

Policy

300

The step when you increase your capabilities with that device.

Escalating Privileges

300

When you offer something of value like a prize if you click a link or leave a USB drive to be found.

Baiting

300

Attack on a specific type of target.

Spear Phishing

300

These are sent to the targets after OSINT information is gathered.

Phishing Emails

300

The steps users are expected to follow in order to adhere to the policies in place.

Procedure

400

The step when you modify the logs to hide your access.

Covering Tracks

400

Impersonation with rushing or "emergency".

Pretexting

400

Attack when the user is tricked into downloading malware on their smartphone or device.

Smishing

400

True/False: Google Classroom is an example of an OSINT source.

False

400

This is the final step in establishing a policy.

Formal Training

500

This is the final step when you make it so you can get back into the system.

Installing Backdoors

500

Wearing a "uniform" to gain access.

Pretexting

500

A type of identity fraud that uses phone calls or voicemails to trick people into sharing sensitive information.

Vishing

500

True/False: Accessing information from a data breach posted online is an example of OSINT.

True

500

This is the biggest threat to manage in cybersecurity.

Humans