An ethical introduction to social engineering; an attack technique that leverages psychology, deception, and publicly available information to breach the defenses of a human target in order to gain access to an asset. Social engineering is key to the effectiveness of any computer security professional.
A guide to hacking the human element.
Even the most advanced security teams can do little to defend against an employee clicking a malicious link, opening an email attachment, or revealing sensitive information in a phone call. Practical Social Engineering will help you better understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature.
Joe Gray, an award-winning expert on social engineering, shares case studies, best practices, open source intelligence (OSINT) tools, and templates for orchestrating and reporting attacks so companies can better protect themselves. He outlines creative techniques to trick users out of their credentials, such as leveraging Python scripts and editing HTML files to clone a legitimate website. Once you've succeeded in harvesting information about your targets with advanced OSINT methods, you'll discover how to defend your own organization from similar threats.
You'll learn how to-
.
Apply phishing techniques like spoofing, squatting, and standing up your own web server to avoid detection
.
Use OSINT tools like Recon-ng, theHarvester, and Hunter
.
Capture a target's information from social media
.
Collect and report metrics about the success of your attack
.
Implement technical controls and awareness programs to help defend against social engineering
Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.
By:
Joe Gray
Imprint: No Starch Press,US
Country of Publication: United States
Dimensions:
Height: 234mm,
Width: 177mm,
ISBN: 9781718500983
ISBN 10: 171850098X
Pages: 230
Publication Date: 20 September 2022
Audience:
General/trade
,
ELT Advanced
Format: Paperback
Publisher's Status: Active
Introduction Part 1: The Basics Chapter 1: What is Social Engineering? Chapter 2: Ethical Considerations in Social Engineering Part 2: Offensive Social Engineering Chapter 3: Preparing for an Attack Chapter 4: Gathering Business OSINT Chapter 5: Social Media and Public Documents Chapter 6: Gathering OSINT About People Chapter 7: Phishing Chapter 8: Cloning a Landing Page Chapter 9: Detection, Measurement, and Reporting Part 3: Defending Against Social Engineering Chapter 10: Proactive Defense Techniques Chapter 11: Technical Email Controls Chapter 12: Producing Threat Intelligence Appendix A: Scoping Worksheet Appendix B: Reporting Template Appendix C: Information Gathering Worksheet Appendix D: Pretexting Samples Appendix E: Exercises to Improve Your Social Engineering
Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28, and recently authored the OSINT and OPSEC tools - DECEPTICON Bot and WikiLeaker.
Reviews for Practical Social Engineering: A Primer for the Ethical Hacker
Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers. -Ian Barker, BetaNews I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible. -Patrick Laverty, Layer 8 Podcast
