Social Engineering (eBook)
320 pages
Wiley (publisher)
978-1-119-43373-6 (ISBN)
Harden the human firewall against the most current threats
Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker's repertoire: why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human error to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly used techniques that fool even the most robust security personnel, and shows how these techniques have been used in the past. The way we make decisions as humans affects everything from our emotions to our security. Hackers have long found ways to exploit that decision-making process and get you to take an action that is not in your best interest. This Second Edition has been updated with the most current methods, sharing the stories, examples, and scientific research behind how those decisions are exploited.
Networks and systems can be hacked, but they can also be protected; when the 'system' in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion are the secret weapons of the malicious social engineer, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer's bag of tricks.
- Examine the most common social engineering tricks used to gain access
- Discover which popular techniques generally don't work in the real world
- Examine how our understanding of the science behind emotions and decisions can be used by social engineers
- Learn how social engineering factors into some of the biggest recent headlines
- Learn how to use these skills as a professional social engineer and secure your company
- Adopt effective counter-measures to keep hackers at bay
By working from the social engineer's playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.
CHRISTOPHER HADNAGY is the CEO and Chief Human Hacker of Social-Engineer, LLC, as well as the lead developer and creator of the world's first social engineering framework, found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and DerbyCon, as well as the creator of the popular Social Engineering Capture the Flag (SECTF). He is a sought-after speaker and trainer and has even debriefed the Pentagon on these topics. He can be found tweeting at @humanhacker.
Cover 1
Title Page 5
Copyright 6
About the Author 9
About the Technical Editor 9
Credits 11
Acknowledgments 13
Contents 17
Foreword 21
Preface 23
1 A Look into the New World of Professional Social Engineering 25
What Has Changed? 26
Why Should You Read This Book? 28
An Overview of Social Engineering 30
The SE Pyramid 35
OSINT 35
Pretext Development 36
Attack Plan 36
Attack Launch 36
Reporting 36
What’s in This Book? 38
Summary 39
2 Do You See What I See? 41
A Real-World Example of Collecting OSINT 41
Nontechnical OSINT 46
Observational Skills 46
Technical Open Source Intelligence 56
Two Other Things 76
Tools of the Trade 83
SET 83
IntelTechniques 83
FOCA 84
Maltego: The Granddaddy of Them All 84
Summary 85
3 Profiling People Through Communication 87
The Approach 90
Enter the DISC 92
What Is DISC? 93
To Know Thyself Is the Beginning of Wisdom 95
Summary 104
4 Becoming Anyone You Want to Be 107
The Principles of Pretexting 108
Principle One: Thinking Through Your Goals 109
Principle Two: Understanding Reality vs. Fiction 111
Principle Three: Knowing How Far to Go 112
Principle Four: Avoiding Short-Term Memory Loss 115
Principle Five: Getting Support for Pretexting 118
Principle Six: Executing the Pretext 119
Summary 122
5 I Know How to Make You Like Me 125
The Tribe Mentality 127
Building Rapport as a Social Engineer 129
The Moral Molecule 130
The 10 Principles of Building Rapport 131
The Rapport Machine 144
Use the Friends and Family Plan 144
Read 144
Take Special Note of Failures 145
Summary 145
6 Under the Influence 147
Principle One: Reciprocity 149
Reciprocity in Action 149
Using Reciprocity as a Social Engineer 151
Principle Two: Obligation 152
Obligation in Action 152
Using Obligation as a Social Engineer 154
Principle Three: Concession 155
Concession in Action 155
Using Concession as a Social Engineer 157
Principle Four: Scarcity 158
Scarcity in Action 159
Using Scarcity as a Social Engineer 159
Principle Five: Authority 161
Authority in Action 163
Using Authority as a Social Engineer 164
Principle Six: Consistency and Commitment 166
Consistency and Commitment in Action 166
Using Commitment and Consistency as a Social Engineer 168
Principle Seven: Liking 170
Using Liking as a Social Engineer 171
Principle Eight: Social Proof 172
Social Proof in Action 173
Using Social Proof as a Social Engineer 173
Influence vs. Manipulation 175
Manipulation in Action 175
Principles of Manipulation 177
Summary 180
7 Building Your Artwork 181
The Dynamic Rules of Framing 183
Rule 1: Everything You Say Evokes the Frame 186
Rule 2: Words That Are Defined with the Frame Evoke the Frame 188
Rule 3: Negating the Frame 189
Rule 4: Causing the Target to Think About the Frame Reinforces the Frame 190
Elicitation 192
Ego Appeals 192
Mutual Interest 194
Deliberate False Statement 196
Having Knowledge 198
The Use of Questions 201
Summary 206
8 I Can See What You Didn’t Say 207
Nonverbals Are Essential 208
All Your Baselines Belong to Us 211
Be Careful of Misconceptions 214
Know the Basic Rules 218
Understand the Basics of Nonverbals 220
Comfort vs. Discomfort 222
Anger 222
Disgust 225
Contempt 227
Fear 229
Surprise 231
Sadness 235
Happiness 239
Summary 244
9 Hacking the Humans 247
An Equal Opportunity Victimizer 248
The Principles of the Pentest 249
Document Everything 252
Be Judicious with Pretexts 252
Phishing 253
Educational Phishing 253
Pentest Phishing 254
Spear Phishing 255
Phishing Summary 256
Vishing 257
Credential Harvesting 257
Vishing for OSINT 259
Vishing for Full Compromise 260
Vishing Summary 263
SMiShing 264
Impersonation 265
Planning an Impersonation Pentest 266
Considerations of Sanitization 268
Equipment Procurement 269
Impersonation Summary 270
Reporting 270
Professionalism 271
Grammar and Spelling 272
All the Details 272
Mitigation 272
Next Steps 273
Top Questions for the SE Pentester 274
How Can I Get a Job Being a Social Engineer? 274
How Do I Get My Clients to Do SE Stuff? 275
How Much Should I Charge? 277
Summary 278
10 Do You Have a M.A.P.P.? 281
Step 1: Learn to Identify Social Engineering Attacks 283
Step 2: Develop Actionable and Realistic Policies 285
Take the Thinking out of the Policy 285
Remove the Ability for Empathy Bypasses 286
Make Policies Realistic and Actionable 287
Step 3: Perform Regular Real-World Checkups 288
Step 4: Implement Applicable Security-Awareness Programs 290
Tie It All Together 291
Gotta Keep ’Em Updated 292
Let the Mistakes of Your Peers Be Your Teacher 294
Create a Security Awareness Culture 295
Summary 298
11 Now What? 301
Soft Skills for Becoming a Social Engineer 301
Humility 302
Motivation 302
Extroverted 302
Willingness to Try 303
It Really Works! 303
Technical Skills 304
Education 305
Job Prospects 307
Start Your Own Company 307
Get Hired by a Pentest Company 307
Get Hired by a Social Engineering Company 308
The Future of Social Engineering 308
Index 311
EULA 322
| Detail | Value |
|---|---|
| Published (per publisher) | 25 June 2018 |
| Language | English |
| Subject area | Computer Science ► Networks ► Security / Firewall |
| Keywords | Computer Science • Computer security • Informatics • Networking / Security • Networks / Security |
| ISBN-10 | 1-119-43373-8 / 1119433738 |
| ISBN-13 | 978-1-119-43373-6 / 9781119433736 |
Size: 9.8 MB
Copy protection: Adobe DRM
Adobe DRM is a copy-protection scheme intended to protect the eBook from misuse. The eBook is authorized to your personal Adobe ID at download time; you can then read it only on devices that are also registered to your Adobe ID.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly well suited to technical books with columns, tables and figures. A PDF can be displayed on almost any device, but is only of limited use on small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a
eReader: This eBook can be read on (almost) all eBook readers. It is not compatible with the Amazon Kindle, however.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a
Additional feature: online reading
In addition to downloading it, you can also read this eBook online in a web browser.
Buying eBooks from abroad
For tax law reasons we can only sell eBooks within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.