O'Reilly logo

Metasploit by Mati Aharoni, Devon Kearns, Jim O'Gorman, David Kennedy

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Spear-Phishing Attack Vector

The spear-phishing attack vector specially crafts file-format exploits (such as Adobe PDF exploits) and primarily sends email attacks containing attachments to a target, which, when opened, compromise the target’s machine. SET can use Simple Mail Transport Protocol (SMTP) open relays (both anonymous and credentialed), Gmail, and Sendmail to send email. SET can also use standard email or HTML-based email to perform the phishing attack.

Let’s consider a real-world penetration test targeting the company CompanyXYZ. You register a domain name similar to Company XYZ, say coompanyxyz.com. You then register the subdomain coom.panyXYZ.com. Next, you send a spear-phishing attack to the target organization, knowing that most ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required