Christopher Hadnagy > Quotes

“I found, for myself, the ability to be observant proved to be easier for me after receiving some training from Dr. Ekman in microexpressions. I found afterward that not only did I become much more aware of what was going on with those around me, but also myself. When I felt a certain expression on my face, I was able to analyze it and see how it might be portrayed to others. This recognition of myself and my surroundings was one of the most enlightening experiences of my life.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“We can learn to protect ourselves against malicious hackers and scam artists, allowing ourselves to feel calmer and more confident in any situation. Critically, we can learn to become far more self-aware about how we’re communicating.”
― Christopher Hadnagy, Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You

“Johnny Long wrote a famous book called Google Hacking for Penetration Testers and really opened up many people’s eyes to the amazing amount of information that Google holds.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“BackTrack is like most Linux distributions in that it is free and open source. Perhaps its greatest asset is that it contains more than 300 tools designed to assist in security auditing.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“When I am done, I simply click on the menu called Basket then Export and export the whole BasKet as an HTML page. This is great for reporting or sharing this data. For a social engineer, collecting data, as will be discussed in detail later, is the crux of every gig, but if you cannot recall and utilize the data quickly, it becomes useless. A tool like BasKet makes retaining and utilizing data easy. If you give BasKet a try and use it once, you will be hooked.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“Johnny developed a list of what he calls “Google Dorks,” or a string that can be used to search in Google to find out information about a company. For example if you were to type in: site:microsoft.com filetype:pdf you be given a list of every file with the extension of PDF that is on the microsoft.com domain. Being familiar with search terms that can help you locate files on your target is a very important part of information gathering. I make a habit of searching for filetype:pdf, filetype:doc, filetype:xls, and filetype:txt. It is also a good idea to see if employees actually leave files like DAT, CFG, or other database or configuration files open on their servers to be harvested.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“Google forgives but it never forgets, and it has been compared to the Oracle. As long as you know how to ask, it can tell you most anything you want to know.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“For that reason I suggest staying away from things like Notepad in Windows or Smultron or TextEdit in Mac. You want to be able to format and highlight certain areas to make them stand out. In my Dradis server, pictured in Figure 2-3, I have a section for phone scripts. This functionality is handy for transcribing ideas that might work based on the information I gathered. These tools suggest how a social engineer begins to utilize the information”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“A social engineer must approach information in much the same way. When finding a target that utilizes many different social media sites, look for the links between them and the information that can create a whole profile.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“Using my practice sessions on microexpressions, a topic addressed in Chapter 5, I show true surprise: “Wait, his cruise was this week? I thought he left next week.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“Password profilers such as Common User Passwords Profiler (CUPP) and Who’s Your Daddy (WYD) can help a social engineer profile the potential passwords a company or person may use.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“What they do The products and services they provide Physical locations Job openings Contact numbers Biographies on the executives or board of directors Support forum Email naming conventions Special words or phrases that can help in password profiling Seeing people’s”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“Protect yourself against would-be manipulators by understanding and recognizing their tricks.”
― Christopher Hadnagy, Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You

“Enter Dradis. According to the creators of the open-source Dradis, the program is a “self-contained web application that provides a centralized repository of information” you have gathered, and a means by which to plan for what’s to come.”
― Christopher Hadnagy, Social Engineering: The Art of Human Hacking

“I had been aware of my own worst impulses, had resolved to bypass them, had taken into account the personality of my “subject,” and had shaped my communications accordingly.”
― Christopher Hadnagy, Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You