Practical Social Engineering

Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28, and recently authored the OSINT and OPSEC tools - DECEPTICON Bot and WikiLeaker.

Introduction

Part 1: The Basics
Chapter 1: What is Social Engineering?
Chapter 2: Ethical Considerations in Social Engineering

Part 2: Offensive Social Engineering
Chapter 3: Preparing for an Attack
Chapter 4: Gathering Business OSINT
Chapter 5: Social Media and Public Documents
Chapter 6: Gathering OSINT About People
Chapter 7: Phishing
Chapter 8: Cloning a Landing Page
Chapter 9: Detection, Measurement, and Reporting

Part 3: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Chapter 11: Technical Email Controls
Chapter 12: Producing Threat Intelligence

Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information Gathering Worksheet
Appendix D: Pretexting Samples
Appendix E: Exercises to Improve Your Social Engineering