Often, a penetration tester will need to perform specialized attacks against different targets. This might include attacking wireless networks to sniff traffic, using social engineering to exploit the human element, or trying to gain access to non-standard devices such as vehicles. These systems are usually integrated into the main network and can be exploited as entry points. To be successful, the penetration tester needs to be aware of these systems and understand how to attack them.
<aside>
Mission Objectives
- Perform wireless attacks
- Perform social engineering using SET
- Perform specialized system attacks
</aside>
1. Wireless Attacks
Wireless signals extend beyond physical walls, creating a unique entry point for attackers to bypass perimeter security.
- WPA/WPA2/WPA3 Cracking: Intercepting the 4-way handshake and performing offline dictionary attacks to recover the Pre-Shared Key (PSK).
- Evil Twin / Rogue Access Points: Setting up a fake Wi-Fi network with the same name (SSID) as the corporate network to capture user credentials or perform MitM.
- WPS Attacks: Exploiting the Wi-Fi Protected Setup PIN via "Pixie Dust" or brute-force attacks to gain access without the password.
- Deauthentication Attacks: Sending spoofed deauth packets to disconnect legitimate users from a network, forcing them to reconnect (useful for capturing handshakes).
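The two wireless techniques most visible to a defender are the evil twin (a beacon advertising the corporate SSID from a BSSID that is not one of the real access points) and the deauthentication flood that precedes a handshake capture. The following added example, which is not part of the original page, shows how a wireless sensor's management-frame log could be checked for both. It assumes a constructed log format of one frame per line (`timestamp type bssid ssid channel`), an assumed corporate SSID and an assumed allowlist of legitimate BSSIDs; the sample frames are constructed, not captured.

```python
"""Flag evil-twin beacons and deauthentication floods in an 802.11 management-frame log.

Added example, not from the original page. Assumes a sensor exporting one line per
management frame as: <epoch_seconds> <beacon|deauth> <bssid> <ssid or -> <channel>.
"""
from collections import defaultdict

CORP_SSID = "CorpWiFi"                                      # assumption: protected SSID
CORP_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}    # assumption: real APs
DEAUTH_THRESHOLD = 10   # deauth frames from one BSSID within DEAUTH_WINDOW seconds
DEAUTH_WINDOW = 5.0

# Constructed sample log: two real APs, one spoofed SSID from an unknown BSSID, a
# guest network, two benign deauths, and a 12-frame deauth burst spoofing AP 01.
SAMPLE_LOG = "\n".join(
    [
        "1000.0 beacon aa:bb:cc:00:00:01 CorpWiFi 6",
        "1000.1 beacon aa:bb:cc:00:00:02 CorpWiFi 11",
        "1000.2 beacon de:ad:be:ef:00:01 CorpWiFi 6",   # corporate SSID, unknown BSSID
        "1000.3 beacon 11:22:33:44:55:66 GuestNet 1",
        "1000.4 deauth aa:bb:cc:00:00:02 - 11",
        "1003.9 deauth aa:bb:cc:00:00:02 - 11",
    ]
    + [f"{1001.0 + 0.1 * i:.1f} deauth aa:bb:cc:00:00:01 - 6" for i in range(12)]
)


def parse_frames(text):
    """Parse the constructed log format into a list of frame dicts; skips malformed lines."""
    frames = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, ftype, bssid, ssid, channel = parts
        frames.append({
            "ts": float(ts), "type": ftype, "bssid": bssid.lower(),
            "ssid": None if ssid == "-" else ssid, "channel": int(channel),
        })
    return frames


def find_evil_twins(frames):
    """BSSIDs that beacon the corporate SSID but are not in the allowlist."""
    return sorted({
        f["bssid"] for f in frames
        if f["type"] == "beacon" and f["ssid"] == CORP_SSID and f["bssid"] not in CORP_BSSIDS
    })


def find_deauth_floods(frames, threshold=DEAUTH_THRESHOLD, window=DEAUTH_WINDOW):
    """Per-BSSID peak number of deauth frames seen inside any sliding window of `window` seconds."""
    stamps_by_bssid = defaultdict(list)
    for f in frames:
        if f["type"] == "deauth":
            stamps_by_bssid[f["bssid"]].append(f["ts"])
    floods = {}
    for bssid, stamps in stamps_by_bssid.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window's left edge
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            floods[bssid] = peak
    return floods


if __name__ == "__main__":
    frames = parse_frames(SAMPLE_LOG)
    print("rogue APs advertising", CORP_SSID, ":", find_evil_twins(frames))
    print("deauth floods (bssid -> peak frames in window):", find_deauth_floods(frames))
```

The deauth check keys on the BSSID the frames claim to come from because a spoofed deauth carries the real AP's address; the rate, not the address, is what gives it away. The evil-twin check is only as good as the BSSID allowlist, so that list has to be kept current as access points are replaced.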
2. Social Engineering Attacks
Technology is often secured, but people are often "exploitable." This phase tests the organization’s security culture.
- Phishing: Crafting deceptive emails to steal credentials or deliver malware.
- Spear Phishing: Highly targeted attacks on specific individuals.
- Whaling: Targeting high-level executives.
- Vishing & Smishing: Using voice calls or SMS messages to manipulate targets into revealing sensitive information.
- Physical Presence:
  - Tailgating/Piggybacking: Following an authorized person into a secure area.
  - USB Baiting: Leaving "infected" USB drives in common areas to gain a foothold in the internal network.
- Influence Tactics: Utilizing principles like Urgency, Authority, Scarcity, and Social Proof to increase the success rate of the attack.
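Most of the phishing variants above, and the influence tactics they lean on, leave measurable traces in the message itself: a sender domain one character away from the real one, a Reply-To that points somewhere else, and wording built around urgency, authority, scarcity or social proof. The following added example, which is not from the original page, scores a raw email for those indicators using only the Python standard library. The corporate domain, the keyword lists and both sample messages are constructed assumptions.

```python
"""Score an email for common phishing indicators and influence-tactic wording.

Added example, not from the original page. CORP_DOMAIN, the keyword lists and the
sample messages are constructed; the .example TLD is reserved and never resolves.
"""
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "acme-corp.example"   # assumption: the organisation's real mail domain

# Assumed cue words for the influence principles named in the text (urgency,
# authority, scarcity, social proof); a real deployment would tune these.
INFLUENCE_KEYWORDS = {
    "urgency": ["immediately", "urgent", "within 24 hours", "right away"],
    "authority": ["ceo", "cfo", "it department", "compliance"],
    "scarcity": ["last chance", "limited", "only a few", "before it expires"],
    "social_proof": ["everyone else", "all other employees", "your colleagues have"],
}

SAMPLE_PHISH = """\
From: "Alice Chen (CEO)" <alice.chen@acme-c0rp.example>
Reply-To: helpdesk@acct-verify.example
To: bob@acme-corp.example
Subject: Urgent: password reset required

Bob, all other employees have already completed this step. Please reset
your password immediately using the link below, before it expires.
http://acct-verify.example/login
"""

BENIGN_EMAIL = """\
From: "Alice Chen" <alice.chen@acme-corp.example>
To: bob@acme-corp.example
Subject: Lunch next week

Bob, are you free for lunch on Tuesday?
"""


def levenshtein(a, b):
    """Edit distance between two strings (single-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_message, corp_domain=CORP_DOMAIN, max_distance=2):
    """Return a list of human-readable indicators found in the message (empty if none)."""
    msg = message_from_string(raw_message)
    indicators = []
    from_domain = domain_of(msg["From"])
    reply_domain = domain_of(msg["Reply-To"])

    # Lookalike sender domain: close to, but not equal to, the real corporate domain.
    if from_domain and from_domain != corp_domain:
        distance = levenshtein(from_domain, corp_domain)
        if 0 < distance <= max_distance:
            indicators.append(
                f"lookalike sender domain {from_domain} (distance {distance} from {corp_domain})")

    # Replies silently redirected to a third domain.
    if reply_domain and reply_domain != from_domain:
        indicators.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")

    # Influence-tactic wording in the display name, subject and body.
    text = " ".join([msg["From"] or "", msg["Subject"] or "", msg.get_payload()]).lower()
    for tactic, words in INFLUENCE_KEYWORDS.items():
        hits = [w for w in words if w in text]
        if hits:
            indicators.append(f"{tactic} cue(s): {', '.join(hits)}")
    return indicators


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("benign", BENIGN_EMAIL)):
        print(name, "->", phishing_indicators(sample) or "no indicators")
```

Keyword matching on its own produces false positives (a genuine reminder from finance will also say "urgent"), so the wording cues are best treated as weight added to the structural indicators, the lookalike domain and the Reply-To mismatch, rather than as a verdict by themselves.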
3. Specialized System Attacks
As "Smart" devices proliferate, they bring old vulnerabilities into new environments.
- Internet of Things (IoT): Identifying hardcoded credentials, unencrypted communication protocols (Telnet/HTTP), and insecure firmware updates.
- Industrial Control Systems (ICS/SCADA): Assessing the specialized protocols (Modbus, BACnet) used in power plants and factories. Caution: These systems are fragile and require non-destructive testing.
- Mobile Platforms: Analyzing Android (APK) and iOS (IPA) applications for insecure data storage, weak encryption, and improper permissions.
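Because ICS equipment is fragile, the safest way to assess Modbus traffic is passively: decode frames off a span port or capture and flag write operations from hosts that should only ever read. The following added example, not taken from the original page, implements a Modbus/TCP frame decoder and an audit pass over constructed observations. The MBAP header layout and the standard function codes are from the Modbus/TCP specification; the allowlisted writer address, the sample source IPs and the frames themselves are constructed assumptions.

```python
"""Decode Modbus/TCP frames and flag writes from non-allowlisted sources.

Added example, not from the original page. Frame layout follows Modbus/TCP:
MBAP header = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1),
followed by the PDU = function code (1) | data. Observations and IPs are constructed.
"""
import struct

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}
WRITE_CODES = {5, 6, 15, 16}
ALLOWED_WRITERS = {"10.0.0.5"}   # assumption: the only host permitted to write (e.g. the HMI)


def build_frame(transaction_id, unit_id, pdu):
    """Assemble a Modbus/TCP frame; the length field counts unit id + PDU bytes."""
    return struct.pack(">HHHB", transaction_id, 0, 1 + len(pdu), unit_id) + pdu


def parse_modbus_tcp(frame):
    """Decode one Modbus/TCP frame into a dict, validating the MBAP header first."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    fc, data = frame[7], frame[8:]
    record = {
        "transaction_id": tid, "unit_id": unit, "function_code": fc,
        "function": FUNCTION_NAMES.get(fc, "Unknown"),
        "is_write": fc in WRITE_CODES,
        "is_exception": fc >= 0x80,          # exception responses set the high bit
    }
    if fc in (1, 2, 3, 4, 5, 6) and len(data) >= 4:
        record["address"], record["value_or_quantity"] = struct.unpack(">HH", data[:4])
    elif fc in (15, 16) and len(data) >= 5:
        record["address"], record["quantity"], record["byte_count"] = struct.unpack(">HHB", data[:5])
    return record


def audit_writes(observations, allowed=ALLOWED_WRITERS):
    """Return (source_ip, transaction_id, function) for every write from a non-allowlisted host."""
    alerts = []
    for src_ip, frame in observations:
        record = parse_modbus_tcp(frame)
        if record["is_write"] and src_ip not in allowed:
            alerts.append((src_ip, record["transaction_id"], record["function"]))
    return alerts


# Constructed observations: (source ip, raw frame). Unit id 1 throughout.
OBSERVATIONS = [
    ("10.0.0.5", build_frame(1, 1, bytes([3]) + struct.pack(">HH", 0, 10))),        # read 10 regs
    ("10.0.0.5", build_frame(2, 1, bytes([6]) + struct.pack(">HH", 0x10, 1))),      # HMI write, allowed
    ("10.0.0.77", build_frame(3, 1, bytes([6]) + struct.pack(">HH", 0x10, 0))),     # unexpected writer
    ("10.0.0.77", build_frame(4, 1, bytes([16]) + struct.pack(">HHB", 0x20, 2, 4)
                              + struct.pack(">HH", 1, 2))),                        # unexpected writer
]


if __name__ == "__main__":
    for src_ip, frame in OBSERVATIONS:
        print(src_ip, parse_modbus_tcp(frame))
    print("alerts:", audit_writes(OBSERVATIONS))
```

Reading traffic this way never sends a packet to the PLC, which is the non-destructive posture the Caution above calls for; the same decoder can be pointed at a live capture to baseline which hosts write to which unit ids before any active testing is considered.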