Joe Gray

Practical Social Engineering (eBook, ePUB)

A Primer for the Ethical Hacker

• Format: ePub

Produktbeschreibung

An ethical introduction to social engineering, an attack technique that leverages psychology, deception, and publicly available information to breach the defenses of a human target in order to gain access to an asset. Social engineering is key to the effectiveness of any computer security professional. Practical Social Engineering teaches you how to leverage human psychology and publicly available information to attack a target. The book includes sections on how to evade detection, spear phish, generate reports, and protect victims to ensure their well-being. You'll learn how to collect information about a target and how to exploit that information to make your attacks more effective. You'll also learn how to defend yourself or your workplace against social engineering attacks. Case studies throughout offer poignant examples such as how the author was able to piece together the details of a person's life simply by gathering details from an overheard restaurant conversation. Gray walks you through the sometimes difficult decision making process that every ethical social engineer must go through when implementing a phishing engagement including how to decide whether to do things manually or use automated tools; even how to set up your web server and build other technical tools necessary to succeed.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: No Starch Press
• Seitenzahl: 240
• Erscheinungstermin: 14. Juni 2022
• Englisch
• ISBN-13: 9781718500990
• Artikelnr.: 58743539

Autorenporträt

Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28, and recently authored the OSINT and OPSEC tools - DECEPTICON Bot and WikiLeaker.

Inhaltsangabe

Introduction

Part 1: The Basics
Chapter 1: What is Social Engineering?
Chapter 2: Ethical Considerations in Social Engineering

Part 2: Offensive Social Engineering
Chapter 3: Preparing for an Attack
Chapter 4: Gathering Business OSINT
Chapter 5: Social Media and Public Documents
Chapter 6: Gathering OSINT About People
Chapter 7: Phishing
Chapter 8: Cloning a Landing Page
Chapter 9: Detection, Measurement, and Reporting

Part 3: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Chapter 11: Technical Email Controls
Chapter 12: Producing Threat Intelligence

Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information Gathering Worksheet
Appendix D: Pretexting Samples
Appendix E: Exercises to Improve Your Social Engineering

Rezensionen

"Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers."
Ian Barker, BetaNews

"I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible."
Patrick Laverty, Layer 8 Podcast