Social Engineering:The Science of Human Hacking

Christopher Hadnagy

Second Edition


e-books shop
e-books shop
Purchase Now !
Just with Paypal



Book Details
 Price
 4.00 USD
 Pages
 362 p
 File Size
 7,200 KB
 File Type
 PDF format 
 ISBN             
 978-1-119-43375-0
 Copyright   
 2018 Christopher Hadnagy  

About the Author
CHRISTOPHER HADNAGY
is the CEO and Chief Human Hacker of Social-Engineer, LLC as well as the lead developer and creator of the world's first social engineering framework found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and DerbyCon,as well as the creator of the popular Social Engineering Capture the Flag (SECTF). He is a sought-after speaker and trainer and even has debriefed the Pentagon on these topics. He can be found tweeting at @humanhacker.

FOREWORD
When I started Apple Computers in 1976 with Steve Jobs, I did not imagine
where that invention would take the world. I wanted to do something that was
unheard of: create a personal computer. One that any person could use, enjoy,
and benefit from. Jump forward only a short 40 or so years and that vision is a reality.

With billions of personal computers around the globe, smartphones, smart
devices, and technology being embedded into every aspect of our lives, it is
important to take a step back and look at how we maintain safety and security
while still innovating and growing and working with the next generation.
I love getting to work with youth today, inspiring them to innovate and grow. I
love seeing the ideas flow from them as they figure out new and creative ways to
use technology. And I truly love being able to see how this technology can
enhance people's lives.

With that said, we need to take a serious look at how we secure this future. In
2004 when I gave the keynote speech at HOPE Conference, I said that a lot of
hacking is playing with other people and getting them to do strange things. My
friend, Kevin Mitnick, has mastered this over the years in one area of security
called social engineering.

Chris’s book captures the very essence of social engineering, defining and
shaping it for all of us to understand. He has rewritten the book on it again,
defining the core principles of how we as humans make decisions and how those
very same processes can be manipulated.

Hacking has been around for a while, and human hacking has been around for as
long as humans have. This book can prepare you, protect you, and educate you
how to recognize, defend, and mitigate the risks that come from social engineering.
—Steve “Woz” Wozniak


Table of Contents
Cover
Foreword
Preface
1 A Look into the New World of Professional Social Engineering
What Has Changed?
Why Should You Read This Book?
An Overview of Social Engineering
The SE Pyramid
What's in This Book?
Summary
2 Do You See What I See?
A Real-World Example of Collecting OSINT
Nontechnical OSINT
Tools of the Trade
Summary
3 Profiling People Through Communication
The Approach
Enter the DISC
Summary
4 Becoming Anyone You Want to Be
The Principles of Pretexting
Summary
5 I Know How to Make You Like Me
The Tribe Mentality
Building Rapport as a Social Engineer
The Rapport Machine
Summary
6 Under the Influence
Principle One: Reciprocity
Principle Two: Obligation
Principle Three: Concession
Principle Four: Scarcity
Principle Five: Authority
Principle Six: Consistency and Commitment
Principle Seven: Liking
Principle Eight: Social Proof
Influence vs. Manipulation
Summary
7 Building Your Artwork
The Dynamic Rules of Framing
Elicitation
Summary
8 I Can See What You Didn't Say
Nonverbals Are Essential
All Your Baselines Belong to Us
Understand the Basics of Nonverbals
Comfort vs. Discomfort
Summary
9 Hacking the Humans
An Equal Opportunity Victimizer
The Principles of the Pentest
Phishing
Vishing
SMiShing
Impersonation
Reporting
Top Questions for the SE Pentester
Summary
10 Do You Have a M.A.P.P.?
Step 1: Learn to Identify Social Engineering Attacks
Step 2: Develop Actionable and Realistic Policies
Step 3: Perform Regular Real-World Checkups
Step 4: Implement Applicable Security-Awareness Programs
Tie It All Together
Gotta Keep 'Em Updated
Let the Mistakes of Your Peers Be Your Teacher
Create a Security Awareness Culture
Summary
11 Now What?
Soft Skills for Becoming an Social Engineer
Technical Skills
Education
Job Prospects
The Future of Social Engineering
Index
End User License Agreement


Bookscreen
e-books shop

PREFACE
Social engineering—I can remember when searching for that term led you to
videos on getting free burgers or dates with girls. Now it seems like it's almost a
household term. Just the other day I heard a friend of the family, who's not in
this industry at all, talking about an email scam. She said, “Well, that's just a
great example of social engineering!”
It threw me for a loop for a second, but here we are, eight years after my
decision to start a company solely focused on social engineering, and now it's a
full-blown industry and household term.
If you were to just start reading this book it would be easy to mistake my
intentions. You might think I am fully okay with arming the bad guys or
preparing them for nefarious acts. That cannot be further from the truth.

When I wrote my first book, there were many folks who, during interviews, got
very upset with me and said I was arming the malicious social engineers. I felt
the same then as I do now: you cannot really defend against social engineering
until you know all sides of its use. Social engineering is a tool like a hammer,
shovel, knife, or even a gun. Each has a purpose that can be used to build, save,
feed, or survive; each tool also can be used to maim, kill, destroy, and ruin. For
you to understand how to use social engineering to build, feed, survive, or save,
you need to understand both uses. This is especially true if your goal is to
defend. Defending yourself and others from malicious uses of social engineering
requires that you step over into the dark side of it to get a clear picture of how it is used.

I was recently chatting with AJ Cook about her work on Criminal Minds, and
she mentioned that she often has to meet with real federal agents who work
serial-killer cases to prepare herself for playing the role of JJ on the show. The
same idea applies directly to this book.

As you read this book, do it with an open mind. I tried my hardest to put the
knowledge, experience, and practical wisdom I have learned over the last decade
onto these pages. There will always be some mistakes or something you don't
like or something you might feel was not 100% clear. Let's discuss it; reach out
to me and let's talk. You can find me on Twitter: @humanhacker. Or you can
email me from one of the websites: 
When I teach my five-day courses, I always ask the students to not treat me like
some infallible instructor. If they have knowledge, thoughts, or even feelings
that contradict something I say, I want to discuss it with them. I love learning
and expanding my understanding on these topics. I extend the same request to you.

Finally, I want to thank you. Thank you for spending some of your valuable time
with me in the pages of this book. Thank you for helping me improve over the
years. Thank you for all your feedback, ideas, critiques, and advice.
I truly hope you enjoy this book.
—Christopher Hadnagy
Loading...
DMCA.com Protection Status