Comparison should include the following:
- Social engineering
- Phishing
- Spear phishing
- Whaling
- Vishing
- Tailgating
- Impersonation
- Dumpster diving
- Shoulder surfing
- Hoax
- Watering hole attack
- Principles (reasons for effectiveness)
- Authority
- Intimidation
- Consensus
- Scarcity
- Familiarity
- Trust
- Urgency
- Application/service attacks
- Denial of Service (DoS)
- Distributed Denial of Service (DDoS)
- Man-in-the-middle
- Buffer overflow
- Injection
- Cross-site scripting
- Cross-site request forgery
- Privilege escalation
- Address Resolution Protocol (ARP) poisoning
- Amplification
- Domain Name Service (DNS) poisoning
- Domain hijacking
- Man-in-the-browser
- Zero day
- Replay
- Pass the hash
- Hijacking and related attacks
- Clickjacking
- Session hijacking
- Universal Resource Locator (URL) hijacking
- Typo squatting
- Driver manipulation
- Message Authentication Code (MAC) spoofing
- Internet Protocol (IP) spoofing
- Wireless attacks
- Replay
- Initialization Vector (IV)
- Evil twin
- Rogue Access Point (AP)
- Jamming
- Wireless Fidelity (WiFi) Protected Setup (WPS)
- Bluejacking
- Bluesnarfing
- Radio Frequency Identifier (RFID)
- Near Field Communication (NFC)
- Disassociation
- Cryptographic attacks
- Birthday
- Known plain text/cipher text
- Rainbow tables
- Dictionary
- Brute force
- Collision
- Downgrade
- Replay
- Weak implementations
Process/Skill Questions:
- What specific vulnerability is exploited by a social engineering attack?
- How is spear phishing different from vishing?
- What are the similarities among various application attacks?
- What might be done to prevent social engineering attacks?