Practical Social Engineering: A Primer for the Ethical Hacker
Author: Joe Gray (Author)
Publisher finelybook 出版社: No Starch Press
Publication Date 出版日期: 2022-06-14
Language 语言: English
Print Length 页数: 230 pages
ISBN-10: 171850098X
ISBN-13: 9781718500983
Book Description
A guide to hacking the human element.
Even the most advanced security teams can do little to defend against an employee clicking a malicious link, opening an email attachment, or revealing sensitive information in a phone call. Practical Social Engineering will help you better understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature.
Joe Gray, an award-winning expert on social engineering, shares case studies, best practices, open source intelligence (OSINT) tools, and templates for orchestrating and reporting attacks so companies can better protect themselves. He outlines creative techniques to trick users out of their credentials, such as leveraging Python scripts and editing HTML files to clone a legitimate website. Once you’ve succeeded in harvesting information about your targets with advanced OSINT methods, you’ll discover how to defend your own organization from similar threats.
You’ll learn how to:
- Apply phishing techniques like spoofing, squatting, and standing up your own web server to avoid detection
- Use OSINT tools like Recon-ng, theHarvester, and Hunter
- Capture a target’s information from social media
- Collect and report metrics about the success of your attack
- Implement technical controls and awareness programs to help defend against social engineering
Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.
Review
“One of the best Social Engineering books of all time”
– BookAuthority
“I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible.”
—Patrick Laverty, Layer 8 Podcast
“A great introductory text for those that want to master the fundamentals of social engineering.”
—Ben Rothke, Senior Information Security Manager, Tapad
– BookAuthority
“I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible.”
—Patrick Laverty, Layer 8 Podcast
“A great introductory text for those that want to master the fundamentals of social engineering.”
—Ben Rothke, Senior Information Security Manager, Tapad
About the Author
Joe Gray, a veteran of the U.S. Navy Submarine Force, is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe is the Founder and Principal Instructor at The OSINTion. By day, Joe is a Security Threat Hunting and Intelligence Engineer at Mercari.
As a member of the Password Inspection Agency, Joe has consistently performed well in Capture the Flag events, specifically those involving OSINT. Examples include 2nd Place in the HackFest Quebec Missing Persons CTF and Winning the TraceLabs OSINT Search Party during DEFCON 28 (as a member of The Password Inspection Agency), DEFCON 29 (as a member of The Federal Bureau of OH-SHINT), and DEFCON 30 (as a member of the Eff Ess Bees). Independently, Joe placed 4th in the DerbyCon OSINT CTF, 3rd in the National Child Protection Task Force Missing Persons CTF, and 2nd Place in Hacker Jeopardy at Hack in Paris.
Joe has contributed material for a variety of platforms such as Forbes and Dark Reading in addition to his platforms. Joe has authored the OSINT tools DECEPTICON Bot and WikiLeaker in addition to Practical Social Engineering, available via NoStarch Press.
As a member of the Password Inspection Agency, Joe has consistently performed well in Capture the Flag events, specifically those involving OSINT. Examples include 2nd Place in the HackFest Quebec Missing Persons CTF and Winning the TraceLabs OSINT Search Party during DEFCON 28 (as a member of The Password Inspection Agency), DEFCON 29 (as a member of The Federal Bureau of OH-SHINT), and DEFCON 30 (as a member of the Eff Ess Bees). Independently, Joe placed 4th in the DerbyCon OSINT CTF, 3rd in the National Child Protection Task Force Missing Persons CTF, and 2nd Place in Hacker Jeopardy at Hack in Paris.
Joe has contributed material for a variety of platforms such as Forbes and Dark Reading in addition to his platforms. Joe has authored the OSINT tools DECEPTICON Bot and WikiLeaker in addition to Practical Social Engineering, available via NoStarch Press.