Social Engineering
John Wiley & Sons (Verlag)
978-1-119-43338-5 (ISBN)
Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker's repertoire--why hack into something when you could just ask for access?
Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past.
The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited.
Networks and systems can be hacked, but they can also be protected; when the "system" in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer's bag of tricks.
- Examine the most common social engineering tricks used to gain access
- Discover which popular techniques generally don't work in the real world
- Examine how our understanding of the science behind emotions and decisions can be used by social engineers
- Learn how social engineering factors into some of the biggest recent headlines
- Learn how to use these skills as a professional social engineer and secure your company
- Adopt effective counter-measures to keep hackers at bay
By working from the social engineer's playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.
Christopher Hadnagy is the CEO and Chief Human Hacker of Social-Engineer, LLC as well as the lead developer and creator of the world's first social engineering framework found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and DerbyCon, as well as the creatorof the popular Social Engineering Capture the Flag (SECTF). He is a sought-afterspeaker and trainer and even has debriefed the Pentagon on these topics. Hecan be found tweeting at @humanhacker.
Acknowledgments xi
Foreword xix
Preface xxi
1 A Look into the New World of Professional Social Engineering .
What Has Changed? 2
Why Should You Read This Book? 4
An Overview of Social Engineering 6
The SE Pyramid 11
What’s in This Book? 14
Summary 15
2 Do You See What I See? 17
A Real-World Example of Collecting OSINT 17
Nontechnical OSINT 22
Tools of the Trade 59
Summary 61
3 Profiling People Through Communication 63
The Approach 66
Enter the DISC 68
Summary 80
4 Becoming Anyone You Want to Be 83
The Principles of Pretexting 84
Summary 98
5 I Know How to Make You Like Me 101
The Tribe Mentality 103
Building Rapport as a Social Engineer 105
The Rapport Machine 120
Summary 121
6 Under the Influence 123
Principle One: Reciprocity 125
Principle Two: Obligation 128
Principle Three: Concession 131
Principle Four: Scarcity 134
Principle Five: Authority 137
Principle Six: Consistency and Commitment 142
Principle Seven: Liking 146
Principle Eight: Social Proof 148
Influence vs. Manipulation 151
Summary 156
7 Building Your Artwork 157
The Dynamic Rules of Framing 159
Elicitation 168
Summary 182
8 I Can See What You Didn’t Say 183
Nonverbals Are Essential 184
All Your Baselines Belong to Us 187
Understand the Basics of Nonverbals 196
Comfort vs. Discomfort 198
Summary 220
9 Hacking the Humans 223
An Equal Opportunity Victimizer 224
The Principles of the Pentest 225
Phishing 229
Vishing 233
SMiShing 240
Impersonation 241
Reporting 246
Top Questions for the SE Pentester 250
Summary 254
10 Do You Have a M.A.P.P.? 257
Step 1: Learn to Identify Social Engineering Attacks 259
Step 2: Develop Actionable and Realistic Policies 261
Step 3: Perform Regular Real-World Checkups 264
Step 4: Implement Applicable Security-Awareness Programs 266
Tie It All Together 267
Gotta Keep ’Em Updated 268
Let the Mistakes of Your Peers Be Your Teacher 270
Create a Security Awareness Culture 271
Summary 274
11 Now What? 277
Soft Skills for Becoming an Social Engineer 277
Technical Skills 280
Education 281
Job Prospects 283
The Future of Social Engineering 284
Index 287
Erscheinungsdatum | 02.08.2018 |
---|---|
Verlagsort | New York |
Sprache | englisch |
Maße | 153 x 228 mm |
Gewicht | 344 g |
Einbandart | kartoniert |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Schlagworte | IT-Sicherheit • Sicherheit • social engineering • Social Hacking |
ISBN-10 | 1-119-43338-X / 111943338X |
ISBN-13 | 978-1-119-43338-5 / 9781119433385 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich