
Practical Social Engineering: A Primer for the Ethical Hacker

A guide to hacking the human element.

Even the most advanced security teams can do little to defend against an employee clicking a malicious link, opening an email attachment, or revealing sensitive information in a phone call. Practical Social Engineering will help you better understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature.

Joe Gray, an award-winning expert on social engineering, shares case studies, best practices, open source intelligence (OSINT) tools, and templates for orchestrating and reporting attacks so companies can better protect themselves. He outlines creative techniques to trick users out of their credentials, such as leveraging Python scripts and editing HTML files to clone a legitimate website. Once you’ve succeeded in harvesting information about your targets with advanced OSINT methods, you’ll discover how to defend your own organization from similar threats.

You’ll learn how

Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.

240 pages, Paperback

Published June 14, 2022


About the author

Joe Gray

18 books, 2 followers

Ratings & Reviews



Community Reviews

5 stars
7 (18%)
4 stars
16 (43%)
3 stars
13 (35%)
2 stars
1 (2%)
1 star
0 (0%)
Displaying 1 - 2 of 2 reviews
Ben Rothke
356 reviews, 50 followers
October 14, 2022
The Advanced Encryption Standard (AES) was selected in 2001 to replace the aging Data Encryption Standard (DES). AES is a symmetric-key algorithm, and with enough computing power, it can be broken. While it can be broken in theory, even if you used all of the computing power on the planet, the universe would likely collapse back on itself before you succeeded. And that is just for one key.

For those who don't want to wait billions of years, rather than use all the world's computing power to hack into a system, they will use social engineering to break it. In Practical Social Engineering: A Primer for the Ethical Hacker (No Starch Press), author Joe Gray has written an excellent introduction to the topic.

I have reviewed here other books on social engineering in the past, including Social Engineering in IT Security: Tools, Tactics, and Techniques, and two by Hadnagy in Unmasking the Social Engineer: The Human Element of Security and Social Engineering: The Art of Human Hacking.

Gray has written a reference that can be used by those who want to get their feet wet in social engineering. While an introductory text on the topic, he doesn't waste much space on introductory topics. While breaking encryption requires massive amounts of computing power and people with PhDs in math, social engineering looks to attack something much more accessible, the human element. The perfect example of that is phishing, which, with a few clicks, can obviate millions of dollars of information security hardware and software controls.

At 200 pages, the book is a great introductory text for those that want to master the fundamentals of social engineering. The focus of the book is on using specific tools to do that.

While the primary audience for the book is social engineers and those that want to be, it should also be read by those who can be victims of social engineering, which is pretty much everyone.

For example, chapter 4 on gathering business OSINT is something everyone should be aware of. Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources to produce actionable intelligence. The book makes significant use of Crunchbase for that.

Crunchbase is a platform for gaining awareness about business information about private and public companies. Its content includes investment and funding information, founding members and individuals in leadership positions, mergers and acquisitions, news, and industry trends.

By being aware of information gathered from sources like Crunchbase, potential social engineering victims can minimize their attack surface by knowing that when someone calls or messages with seemingly insider information, it is, in fact, public, to which the parties should not be given access or information.

The book is primarily written for pen testers who will find this a helpful guide to assist them in their social engineering tasks. As noted, it also has a lot of value for those that don't want to be victims of a social engineering attack. And the best offense is a good defense, as detailed in this valuable guide.

Woflmao
145 reviews, 15 followers
August 6, 2022
Finally a decent book on Social Engineering (SE)! So far, any book on SE I got into my hands was just a collection of con-man anecdotes. This book focuses on open source intelligence and the technical aspects; it introduces many tools and explains the procedures for both offensive and defensive techniques of SE. Many additional resources are listed throughout the text, though unfortunately not in a bibliography at the end of the book.