Practical Social Engineering: A Primer for the Ethical Hacker

Authors: Gray, Joe
Publisher: No Starch Press
BISAC/Subject: COM053000, COM060040
ISBN: 9781718500990, Related ISBNs: 171850098X, 1718500998, 9781718500983, 9781718500990
Classification: Non-Fiction
Number of pages: 230
Audience: General/trade
Synopsis: An ethical introduction to social engineering, an attack technique that leverages psychology, deception, and publicly available information to breach the defenses of a human target in order to gain access to an asset. Social engineering is key to the effectiveness of any computer security professional.

Social engineering is the art of capitalizing on human psychology, rather than technical vulnerabilities, to compromise systems. It’s an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file in an email, and even less about what an employee may say on a phone call. This book will show you how to take advantage of these ethically sinister techniques so you can better understand what goes into these attacks as well as thwart attempts to gain access by cyber criminals and malicious actors who take advantage of human nature.
 
Author Joe Gray, an award-winning expert on the subject, shares his Social Engineering case studies, best practices, OSINT tools, and templates for both orchestrating (ethical) attacks and reporting them to companies so they can better protect themselves. His methods maximize influence and persuasion with creative techniques, like leveraging Python scripts, editing HTML files, and cloning a legitimate website to trick users out of their credentials. Once you’ve succeeded in harvesting information on your targets with advanced OSINT methods, Gray guides you through the process of using this information to perform real Social Engineering, then teaches you how to apply this knowledge to defend your own organization from these types of attacks.
 
You’ll learn:
    How to use Open Source Intelligence (OSINT) tools like Recon-ng and whois
    Strategies for capturing a target’s info from social media, and using it to guess their password
    Phishing techniques like spoofing, squatting, and standing up your own webserver to avoid detection
    How to collect metrics about the success of your attack and report them to clients
    Technical controls and awareness programs to help defend against social engineering
 
Fast-paced, hands-on and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.
 