
Practical Social Engineering
A Primer for the Ethical Hacker
Joe Gray (Author)
No Starch Press
Published on 14 June 2022
Book
Paperback/Softback
230 pages
978-1-7185-0098-3 (ISBN)
Description
Readers learn how to leverage human psychology and publicly available information to attack a target. The book includes sections on how to evade detection, spear phish, generate reports, and protect victims to ensure their well-being. Readers learn how to collect information about a target and how to exploit that information to make their attacks more effective. They also learn how to defend themselves or their workplace against social engineering attacks.
Reviews / Votes
"Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers." - Ian Barker, BetaNews
"I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible." - Patrick Laverty, Layer 8 Podcast
More details
Language
English
Place of publication
San Francisco
United States
Dimensions
Height: 234 mm
Width: 179 mm
Thickness: 19 mm
Weight
403 gr
ISBN-13
978-1-7185-0098-3 (9781718500983)
Other editions
E-Book
06/2022
No Starch Press
Person
Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28 and recently authored the OSINT and OPSEC tools DECEPTICON Bot and WikiLeaker.
Content
Introduction
Part 1: The Basics
Chapter 1: What is Social Engineering?
Chapter 2: Ethical Considerations in Social Engineering
Part 2: Offensive Social Engineering
Chapter 3: Preparing for an Attack
Chapter 4: Gathering Business OSINT
Chapter 5: Social Media and Public Documents
Chapter 6: Gathering OSINT About People
Chapter 7: Phishing
Chapter 8: Cloning a Landing Page
Chapter 9: Detection, Measurement, and Reporting
Part 3: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Chapter 11: Technical Email Controls
Chapter 12: Producing Threat Intelligence
Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information Gathering Worksheet
Appendix D: Pretexting Samples
Appendix E: Exercises to Improve Your Social Engineering