Documentation< Previous | Contents | Next >
11.4.5. Client-Side Attacks
Most attacks are conducted against servers, but as services have become harder to attack, easier targets have been selected. Client-side attacks are a result of this, where an attacker will target the various applications installed on the workstation of an employee within a target organization. The Social Engineering Tools menu category has a number of excellent applications that can help conduct these types of attacks.
This sort of attack is best exploited by the Flash, Acrobat Reader, and Java attacks that were very common in the early 2000s. In these cases, attackers would try to solicit a target to visit a malicious web page. These pages would contain specialized code that would trigger vulnerabilities in these client-side applications, resulting in the ability to run malicious code on the targets system.
Client-side attacks are incredibly difficult to prevent, requiring a great deal of user education, constant application updates, and network controls to effectively mitigate the risk.