• Zuberi 👀@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    1
    ·
    9 months ago

    Basically all of social engineering is to get exactly what you’re talking about, a “head start”

    Go to their LinkedIn: does the head engineer have MySQL version X on his skills, resume, job description, etc? Maybe somebody even endorsed them for it? “Wow they are THE best database administrator”

    Now you know who you need to hack for their database access AND what zero days to research.

    ANY info will be an attack vector

    • Umbrias@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      9 months ago

      Social engineering is to gain access circumventing downcode, not really “get a head start”…

      Most attacks are entirely social engineering. You’re not breaking into secure databases by pulling ridiculous zero day backdoors when it’s much easier to convince an intern to download a file or give you access directly. These super involved attacks are state actors, and no amount of trying to hide what Linux version is being modified will do anything for you there.

      State actors of course also use social engineering

      Ultimately the point is hacking really doesn’t involve the kind of subterfuge you’re describing here in a way where " what Linux is it " matters at all. I mean, windows is used for secure systems across the world, it’s hardly secretive.