Book description
Social engineering is the art of capitalizing on human psychology rather than technical vulnerabilities to compromise systems. It’s an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file in an email, and even less against what an employee may say on a phone call. This book will show you how to take advantage of these ethically sinister techniques so you can better understand what goes into these attacks as well as thwart attempts to gain access by cyber criminals and malicious actors who take advantage of human nature.
Author Joe Gray, an award-winning expert on the subject, shares his Social Engineering case studies, best practices, OSINT tools, and templates for both orchestrating (ethical) attacks and reporting them to companies so they can better protect themselves. His methods maximize influence and persuasion with creative techniques, like leveraging Python scripts, editing HTML files, and cloning a legitimate website to trick users out of their credentials. Once you’ve succeeded in harvesting information on your targets with advanced OSINT methods, Gray guides you through the process of using this information to perform real Social Engineering, then teaches you how to apply this knowledge to defend your own organization from these types of attacks.
You’ll learn:
• How to use Open Source Intelligence (OSINT) tools like Recon-ng and whois
• Strategies for capturing a target’s info from social media, and using it to guess their password
• Phishing techniques like spoofing, squatting, and standing up your own webserver to avoid detection
• How to collect metrics about the success of your attack and report them to clients
• Technical controls and awareness programs to help defend against social engineering
Fast-paced, hands-on and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.
Table of contents
- Title Page
- Copyright
- Dedication
- About the Author
- Acknowledgments
- Introduction
- Part I: The Basics
- Part II: Offensive Social Engineering
- Chapter 3: Preparing for an Attack
- Chapter 4: Gathering Business OSINT
- Chapter 5: Social Media and Public Documents
- Chapter 6: Gathering OSINT About People
- Chapter 7: Phishing
- Chapter 8: Cloning a Landing Page
- Chapter 9: Detection, Measurement, and Reporting
- Part III: Defending Against Social Engineering
- Chapter 10: Proactive Defense Techniques
- Chapter 11: Technical Email Controls
- Chapter 12: Producing Threat Intelligence
- Appendix A: Scoping Worksheet
- Appendix B: Reporting Template
- Appendix C: Information-Gathering Worksheet
- Appendix D: Pretexting Sample
- Appendix E: Exercises to Improve Your Social Engineering
- Index
Product information
- Title: Practical Social Engineering
- Author(s): Joe Gray
- Release date: June 2022
- Publisher(s): No Starch Press
- ISBN: 9781718500983