Chapter 8
Exploiting Physical and Social Vulnerabilities
THIS CHAPTER COVERS THE FOLLOWING COMPTIA PENTEST+ EXAM OBJECTIVES:
Domain 3: Attacks and Exploits
- 3.1 Compare and contrast social engineering attacks.
  - Phishing
    - Spear phishing
    - SMS phishing
    - Voice phishing
    - Whaling
  - Elicitation
    - Business email compromise
  - Interrogation
  - Impersonation
  - Shoulder surfing
  - USB key drop
  - Motivation techniques
    - Authority
    - Scarcity
    - Social proof
    - Urgency
    - Likeness
    - Fear
- 3.6 Summarize physical security attacks related to facilities.
  - Piggybacking/tailgating
  - Fence jumping
  - Dumpster diving
  - Lock picking
  - Lock bypass
  - Egress sensor
  - Badge cloning
Domain 4: Penetration Testing Tools
- 4.2 Compare and contrast various use cases of tools.
  - Social engineering tools
    - SET
    - BeEF
Physical penetration testing of facilities is less common than network-based penetration testing, and it requires a different set of skills and techniques.