 |
| Social Engineering: The Art of Human Hacking |
Christopher Hadnagy is the lead developer of www.social-engineer.org, the
world’s first social engineering framework. In more than 14 years of security
and IT activity, he has partnered with the team at www.backtrack-linux.org
and worked on a wide variety of security projects. He also serves as trainer
and lead social engineer for Offensive Security’s penetration testing team.
About the Technical Editor
Jim O’Gorman is a professional penetration tester and social engineering
auditor with more 14 years of experience working for companies ranging
from small ISPs to Fortune 100 corporations. Jim is co-trainer of the
Offensive Security Advanced Windows Exploitation class, one of the most
difficult exploit development classes available. A founding member of
www.social-engineer.org, Jim is an authority on educating the public about
social engineering threats.
Table of Contents
Cover
Title Page
Copyright
Dedication
About the Author
About the Technical Editor
Credits
Foreword
Preface and Acknowledgments
Chapter 1: A Look into the World of Social Engineering
Why This Book Is So Valuable
Overview of Social Engineering
Summary
Chapter 2: Information Gathering
Gathering Information
Sources for Information Gathering
Communication Modeling
The Power of Communication Models
Chapter 3: Elicitation
What Is Elicitation?
The Goals of Elicitation
Mastering Elicitation
Summary
Chapter 4: Pretexting: How to Become Anyone
What Is Pretexting?
The Principles and Planning Stages of Pretexting
Successful Pretexting
Summary
Chapter 5: Mind Tricks: Psychological Principles Used in Social Engineering
Modes of Thinking
Microexpressions
Neurolinguistic Programming (NLP)
Interview and Interrogation
Building Instant Rapport
The Human Buffer Overflow
Summary
Chapter 6: Influence: The Power of Persuasion
The Five Fundamentals of Influence and Persuasion
Influence Tactics
Altering Reality: Framing
Manipulation: Controlling Your Target
Manipulation in Social Engineering
Summary
Chapter 7: The Tools of the Social Engineer
Physical Tools
Online Information-Gathering Tools
Summary
Chapter 8: Case Studies: Dissecting the Social Engineer
Mitnick Case Study 1: Hacking the DMV
Mitnick Case Study 2: Hacking the Social Security Administration
Hadnagy Case Study 1: The Overconfident CEO
Hadnagy Case Study 2: The Theme Park Scandal
Top-Secret Case Study 1: Mission Not Impossible
Top-Secret Case Study 2: Social Engineering a Hacker
Why Case Studies Are Important
Summary
Chapter 9: Prevention and Mitigation
Learning to Identify Social Engineering Attacks
Creating a Personal Security Awareness Culture
Being Aware of the Value of the Information You Are Being
Asked For
Keeping Software Updated
Developing Scripts
Learning from Social Engineering Audits
Concluding Remarks
Summary
Index
Preface and Acknowledgments
It was just a few years ago that I was sitting with my friend and mentor, Mati Aharoni, deciding to launch www.social-engineer.org. The idea grew and grew until it became an amazing website supported by some truly brilliant people. It didn’t take long to come up with the idea to put those years of research and experience down into the pages of a book. When I had the idea, I was met with overwhelming support. That said, some specific acknowledgements are very important to how this book became what it is
today. From a very young age I was always interested in manipulating people. Not in a bad way, but I found it interesting how many times I was able to obtain things or be in situations that would be unreal. One time I was with a good friend and business associate at a tech conference at the Javits Center in New York City. A large corporation had rented FAO Schwarz for a private party. Of course, the party was by invitation only, and my friend and I were two small fish in a large pond: the party was for the CEOs and upper management of companies like HP, Microsoft, and the like.
My friend said to me, “It would be really cool to get into that party.” I simply responded, “Why can’t we?” At that point I thought to myself, “I know we can get in there if we just ask the right way.” So I approached the women in charge of the ticket booth and the guest list and I spoke to them for a few minutes. As I was speaking to them, Linus Torvalds, the creator of the Linux kernel, walked by. I had picked up a Microsoft plush toy at one of the booths and as I joke I turned to Linus and said, “Hey, you want to autograph
my Microsoft toy?” He got a good laugh out of it and as he grabbed his tickets he said, “Nice
job, young man. I will see you at the party.” I turned back to the women in charge of the ticket booth and was handed two tickets to an exclusive party inside FAO Schwartz.
It wasn’t until later in life that I began to analyze stories like this, after some started calling it “the Hadnagy Effect.” As funny as that sounds, I began to see that much of what occurred to me wasn’t luck or fate, but rather knowing how to be where I needed to be at the right time.
That doesn’t mean it didn’t take hard work and a lot of help along the way. My muse in life is my wonderful wife. For almost two decades you have supported me in all my ideas and efforts and you are my best friend, my confidant, and my support pillar. Without you I would not be where I am today.
In addition, you have produced two of the most beautiful children on this planet. My son and my daughter are the motivation to keep doing all of this. If anything I do can make this place just a little more secure for them, or teach them how to keep themselves safe, it is all worthwhile.
To my son and daughter, I cannot express enough gratitude for your support, love, and motivation. My hope is that my son and my little princess will not have to deal with the malicious, bad people out in this world, but I know just how unlikely that is. May this information keep you both just a little
more secure. Paul, aka rAWjAW, thanks for all your support on the website.
The thousands of hours you spent as the “wiki-master” paid off and now we have a beautiful resource for the world to use. I know I don’t say it enough, but “you’re fired!” Combined with the beautiful creation of Tom, aka DigIp, the website is a work of art.
Carol, my editor at Wiley, worked her butt off to get this organized and following some semblance of a timeline. She did an amazing job putting together a great team of people and making this idea a reality. Thank you. Brian, I meant what I said. I am going to miss you when this is over. As I worked with you over the last few months I began to look forward to my editing sessions and the knowledge you would lay on me. Your honest and frank counsel and advice made this book better than it was.
My gratitude goes out to Jim, aka Elwood, as well. Without you a lot of what has happened on social-engineer.org as well as inside this book, heck in my life in the last couple years, would not be a reality. Thank you for keeping me humble and in check. Your constant reality checks helped me stay focused and balance the many different roles I had to play. Thank you.
Liz, about twelve years ago you told me I should write a book. I am sure you had something different in mind, but here it is. You have helped me through some pretty dark times. Thank you and I love you.
Mati, my mentor, and my achoti, where would I be without you? Mati, you truly are my mentor and my brother. Thank you from the bottom of my heart for having the faith in me that I could write this book and launch www.socialengineer.org and that both would be good. More than that, your constant
counsel and direction have been translated on the pages of this book to make me more than I thought I could be. Your support with the BackTrack team along with the support of the team at www.offensive-security.com have transcended all I could have expected.
Thank you for helping me balance and prioritize. My achoti, a special thanks to you for being the voice of reason and the light at the end of some frustrating days. With all my love I thank you.
Each person I mentioned here contributed to this book in some fashion.
With their help, support and love this book has become a work that I am proud to have my name on.
For the rest of you who have supported the site, the channel, and our research, thank you.
As you read this book, I hope it affects you the way writing it has affected me. Albert Einstein once said, “Information is not knowledge.” That is a powerful thought. Just reading this book will not somehow implant this knowledge into your being. Apply the principles, practice what is taught in
these pages, and make the information a part of your daily life. When you do that is when you will see this knowledge take effect.
Christopher Hadnagy
October 2010
● Screenshot ●
Purchase Now !
Just with Paypal
Just with Paypal
Product details
Price
|
|
|---|---|
File Size
| 6,257 KB |
Pages
|
477 p |
File Type
|
PDF format |
ISBN
| 978-0-470-63953-5 |
Copyright
| 2011 by Christopher Hadnagy. |
●▬▬❂❂▬▬●
●▬❂▬●
●❂●
═════● ●═════
