Practical Social Engineering

Book description

Social engineering is the art of capitalizing on human psychology rather than technical vulnerabilities to compromise systems. It’s an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file attached to an email, and even less against what an employee may say on a phone call. This book will show you how to take advantage of these ethically sinister techniques so you can better understand what goes into these attacks, as well as thwart attempts to gain access by cybercriminals and malicious actors who exploit human nature.

Author Joe Gray, an award-winning expert on the subject, shares his Social Engineering case studies, best practices, OSINT tools, and templates for both orchestrating (ethical) attacks and reporting them to companies so they can better protect themselves. His methods maximize influence and persuasion with creative techniques, like leveraging Python scripts, editing HTML files, and cloning a legitimate website to trick users out of their credentials. Once you’ve succeeded in harvesting information on your targets with advanced OSINT methods, Gray guides you through the process of using this information to perform real Social Engineering, then teaches you how to apply this knowledge to defend your own organization from these types of attacks.

You’ll learn:

• How to use Open Source Intelligence (OSINT) tools like Recon-ng and whois
• Strategies for capturing a target’s info from social media and using it to guess their password
• Phishing techniques like spoofing, squatting, and standing up your own web server to avoid detection
• How to collect metrics about the success of your attack and report them to clients
• Technical controls and awareness programs to help defend against social engineering

Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.

Table of contents

  1. Title Page
  2. Copyright
  3. Dedication
  4. About the Author
  5. Acknowledgments
  6. Introduction
    1. Who This Book Is For
    2. What You’ll Find in This Book
    3. Summary
  7. Part I: The Basics
    1. Chapter 1: What Is Social Engineering?
      1. Important Concepts in Social Engineering
        1. Pretexting
        2. Open Source Intelligence
        3. Phishing
        4. Spear Phishing
        5. Whaling
        6. Vishing
        7. Baiting
        8. Dumpster Diving
      2. Psychological Concepts in Social Engineering
        1. Influence
        2. Manipulation
        3. Rapport
        4. Dr. Cialdini’s Six Principles of Persuasion
        5. Sympathy vs. Empathy
      3. Conclusion
    2. Chapter 2: Ethical Considerations in Social Engineering
      1. Ethical Social Engineering
        1. Establishing Boundaries
        2. Understanding Legal Considerations
        3. Understanding Service Considerations
        4. Debriefing After the Engagement
      2. Case Study: Social Engineering Taken Too Far
      3. Ethical OSINT Collection
        1. Protecting Data
        2. Following Laws and Regulations
      4. Case Study: Ethical Limits of Social Engineering
      5. Conclusion
  8. Part II: Offensive Social Engineering
    1. Chapter 3: Preparing for an Attack
      1. Coordinating with the Client
        1. Scoping
        2. Defining Objectives
        3. Defining Methods
      2. Building Successful Pretexts
      3. Using Specialized Operating Systems for Social Engineering
      4. Following the Attack Phases
      5. Case Study: Why Scoping Matters
      6. Conclusion
    2. Chapter 4: Gathering Business OSINT
      1. Case Study: Why OSINT Matters
      2. Understanding Types of OSINT
      3. Business OSINT
        1. Getting Basic Business Information from Crunchbase
        2. Identifying Website Owners with WHOIS
        3. Collecting OSINT from the Command Line with Recon-ng
        4. Using Other Tools: theHarvester and OSINT Framework
        5. Finding Email Addresses with Hunter
        6. Exploiting Mapping and Geolocation Tools
      4. Conclusion
    3. Chapter 5: Social Media and Public Documents
      1. Analyzing Social Media for OSINT
        1. LinkedIn
        2. Job Boards and Career Sites
        3. Facebook
        4. Instagram
      2. Leveraging Shodan for OSINT
        1. Using Shodan Search Parameters
        2. Searching IP Addresses
        3. Searching Domain Names
        4. Searching Hostnames and Subdomains
      3. Taking Automatic Screenshots with Hunchly
      4. Pilfering SEC Forms
      5. Conclusion
    4. Chapter 6: Gathering OSINT About People
      1. Using OSINT Tools for Analyzing Email Addresses
        1. Finding Out If a User Has Been Breached with Have I Been Pwned
        2. Enumerating Social Media Accounts with Sherlock
        3. Enumerating Website Accounts with WhatsMyName
      2. Analyzing Passwords with Pwdlogy
      3. Analyzing a Target’s Images
        1. Manually Analyzing EXIF Data
        2. Analyzing Images by Using ExifTool
      4. Analyzing Social Media Without Tools
        1. LinkedIn
        2. Instagram
        3. Facebook
        4. Twitter
      5. Case Study: The Dinner That Gave All the Gold Away
      6. Conclusion
    5. Chapter 7: Phishing
      1. Setting Up a Phishing Attack
        1. Setting Up a Secure VPS Instance for Phishing Landing Pages
        2. Choosing an Email Platform
        3. Purchasing Sending and Landing Page Domains
        4. Setting Up the Phishing and Infrastructure Web Server
      2. Additional Steps for Phishing
        1. Using Tracking Pixels to Measure How Often Your Email Is Opened
        2. Automating Phishing with Gophish
        3. Adding HTTPS Support for Phishing Landing Pages
        4. Using URL Shorteners in Phishing
        5. Using SpoofCard for Call Spoofing
      3. Timing and Delivery Considerations
      4. Case Study: The $25 Advanced Persistent Phish
      5. Conclusion
    6. Chapter 8: Cloning a Landing Page
      1. An Example of a Cloned Website
        1. The Login Page
        2. The Sensitive Questions Page
        3. The Error Page
        4. Harvesting the Information
      2. Cloning a Website
        1. Finding the Login and User Pages
        2. Cloning the Pages by Using HTTrack
        3. Altering the Login Field Code
        4. Adding the Web Pages to the Apache Server
      3. Conclusion
    7. Chapter 9: Detection, Measurement, and Reporting
      1. Detection
      2. Measurement
        1. Selection of Metrics
        2. Ratios, Medians, Means, and Standard Deviations
        3. The Number of Times an Email Is Opened
        4. The Number of Clicks
        5. Information Input into Forms
        6. Actions Taken by the Victim
        7. Detection Time
        8. The Timeliness of Corrective Actions
        9. The Success of Corrective Actions
        10. Risk Ratings
      3. Reporting
        1. Knowing When to Make a Phone Call
        2. Writing the Report
      4. Conclusion
  9. Part III: Defending Against Social Engineering
    1. Chapter 10: Proactive Defense Techniques
      1. Awareness Programs
        1. How and When to Train
        2. Nonpunitive Policies
        3. Incentives for Good Behavior
        4. Running Phishing Campaigns
      2. Reputation and OSINT Monitoring
        1. Implementing a Monitoring Program
        2. Outsourcing
      3. Incident Response
        1. The SANS Incident Response Process
        2. Responding to Phishing
        3. Responding to Vishing
        4. Responding to OSINT Collection
        5. Handling Media Attention
        6. How Users Should Report Incidents
        7. Technical Controls and Containment
      4. Conclusion
    2. Chapter 11: Technical Email Controls
      1. Standards
        1. “From” Fields
        2. Domain Keys Identified Mail
        3. Sender Policy Framework
        4. Domain-Based Message Authentication, Reporting, and Conformance
      2. Opportunistic TLS
      3. MTA-STS
      4. TLS-RPT
      5. Email Filtering Technologies
      6. Other Protections
      7. Conclusion
    3. Chapter 12: Producing Threat Intelligence
      1. Using Alien Labs OTX
      2. Analyzing a Phishing Email in OTX
        1. Creating a Pulse
        2. Analyzing the Email Source
        3. Inputting Indicators
        4. Testing a Potentially Malicious Domain in Burp
        5. Analyzing Downloadable Files
      3. Conducting OSINT for Threat Intelligence
        1. Searching VirusTotal
        2. Identifying Malicious Sites on WHOIS
        3. Discovering Phishes with PhishTank
        4. Browsing ThreatCrowd
        5. Consolidating Information in ThreatMiner
      4. Conclusion
  10. Appendix A: Scoping Worksheet
  11. Appendix B: Reporting Template
  12. Appendix C: Information-Gathering Worksheet
  13. Appendix D: Pretexting Sample
    1. Confused Employee
    2. IT Inventory
    3. Transparency Survey
  14. Appendix E: Exercises to Improve Your Social Engineering
    1. Help a Random Stranger and Then Prompt for “Flags”
    2. Improv
    3. Standup Comedy
    4. Public Speaking/Toastmasters
    5. Do OSINT Operations on Family and Friends
    6. Compete in Social Engineering and OSINT CTFs
  15. Index

Product information

  • Title: Practical Social Engineering
  • Author(s): Joe Gray
  • Release date: June 2022
  • Publisher(s): No Starch Press
  • ISBN: 9781718500983