What do you think?
Rate this book
The Art of Attack: Attacker Mindset for Security Professionals
Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers In The Art of Attacker Mindset for Security Professionals, experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker. The book shows you the laws of the mindset and the techniques attackers use, from persistence to "start with the end" strategies and non-linear thinking, that make them so dangerous. You'll Perfect for red teams, social engineers, pentesters, and ethical hackers seeking to fortify and harden their systems and the systems of their clients, The Art of Attack is an invaluable resource for anyone in the technology security space seeking a one-stop resource that puts them in the mind of an attacker.
304 pages, Paperback
Published August 10, 2021
76 people are currently reading
290 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 4 of 4 reviews
December 1, 2021
This book is about what the author calls the "Attacker Mindset" (AM), a mindset that will keep you focused on the relevant things during a Social Engineering attack on a target (usually a company). She stresses that AM will also be helpful in other types of attacks (meaning the more technical side), but the book itself is almost exclusively concerned with Social Engineering.
In principle, it is good that books such as these are written, but I feel that Social Engineers have yet to find out a good way of conveying their craft beyond the anecdotal and superficial. It is very difficult to teach things that are essentially part of someone's personality, and also in this book, you will read a lot about what the Attacker Mindset is, but not really learn the Attacker Mindset. Much of the description is common sense, and the book is also quite repetitive. In combination, it becomes a bit boring to read about halfway through.
In principle, it is good that books such as these are written, but I feel that Social Engineers have yet to find out a good way of conveying their craft beyond the anecdotal and superficial. It is very difficult to teach things that are essentially part of someone's personality, and also in this book, you will read a lot about what the Attacker Mindset is, but not really learn the Attacker Mindset. Much of the description is common sense, and the book is also quite repetitive. In combination, it becomes a bit boring to read about halfway through.
September 19, 2023
Today, when most people hear “security,” they think of protection against hackers on the Internet. Indeed, the explosion of information available online has exposed an almost infinite number of vulnerabilities. However, many forget that every vulnerability starts with a human actor. Understanding that attacker’s psychology, therefore, provides a paramount route of defense. In this book, Maxie Reynolds, a security analyst, seeks to teach readers how to master the attacker mindset so that they can anticipate future attacks.
I work in IT, and I wanted to read this book to better anticipate cyberattacks. It did not meet that goal, lamentably, but it taught me much more about how to think about social factors that go into an attack. It taught me how to recognize when a human tries to gain secretive information. By itself, this first step can teach how to protect oneself through later actions.
Many of the examples here are from the physical world. They talk about infiltrating something like a business or an office… or talking someone into divulging information… or how acting and security relate intimately. This book does not talk in detail about attack vectors in cyberspace, though, aside from gaining reconnaissance information. Many cybersecurity professionals – and more importantly, many organizations – do not adequately address the human side of an attack well. Reynolds introduces us specific ways to master this mindset in ourselves so that we can better defend ourselves, our workplaces, and our careers.
Although it did not fulfill my initial desires, this book taught me a lot. It began a daily habit of looking for ways that others might take advantage of vulnerabilities I present. As a main drawback, however, it overuses acronyms and jargon. She uses terms like “AMS” (Attacker Mindset) and “EA” (Ethical Attacker) way too much. She should just use the actual words so that I, as a reader, don’t have to mentally “look up” what those words mean.
As described in the subtitle, this book’s intended audience is security professionals. That’s somewhat of a misnomer. It should also be read by organizational leaders and other prime targets of attackers. Today, many of us cannot hide behind security professionals to anticipate our needs and teach us how to behave. We need to carefully apprehend the attacker mindset ourselves. This book provides an excellent way to do so. I still seek to read another book or two on technical details of cybersecurity, but Reynolds has masterfully taught me the often-overlooked psychology.
I work in IT, and I wanted to read this book to better anticipate cyberattacks. It did not meet that goal, lamentably, but it taught me much more about how to think about social factors that go into an attack. It taught me how to recognize when a human tries to gain secretive information. By itself, this first step can teach how to protect oneself through later actions.
Many of the examples here are from the physical world. They talk about infiltrating something like a business or an office… or talking someone into divulging information… or how acting and security relate intimately. This book does not talk in detail about attack vectors in cyberspace, though, aside from gaining reconnaissance information. Many cybersecurity professionals – and more importantly, many organizations – do not adequately address the human side of an attack well. Reynolds introduces us specific ways to master this mindset in ourselves so that we can better defend ourselves, our workplaces, and our careers.
Although it did not fulfill my initial desires, this book taught me a lot. It began a daily habit of looking for ways that others might take advantage of vulnerabilities I present. As a main drawback, however, it overuses acronyms and jargon. She uses terms like “AMS” (Attacker Mindset) and “EA” (Ethical Attacker) way too much. She should just use the actual words so that I, as a reader, don’t have to mentally “look up” what those words mean.
As described in the subtitle, this book’s intended audience is security professionals. That’s somewhat of a misnomer. It should also be read by organizational leaders and other prime targets of attackers. Today, many of us cannot hide behind security professionals to anticipate our needs and teach us how to behave. We need to carefully apprehend the attacker mindset ourselves. This book provides an excellent way to do so. I still seek to read another book or two on technical details of cybersecurity, but Reynolds has masterfully taught me the often-overlooked psychology.
October 14, 2021
This is an excellent introduction to a practically unknown industry. At least unknown by me until a few years ago.
Maxie's conversational approach of storytelling and education is exactly what I like to see in books. Give me something I can experience mentally and trick me into learning.
Her use of humor (as well as the self-beneficial concerns about a company's security) makes reading this book easy and friendly.
I will have to read this again to solidify this new newfound knowledge.
Maxie's conversational approach of storytelling and education is exactly what I like to see in books. Give me something I can experience mentally and trick me into learning.
Her use of humor (as well as the self-beneficial concerns about a company's security) makes reading this book easy and friendly.
I will have to read this again to solidify this new newfound knowledge.
January 28, 2023
Really boring and repetitive with very few examples.
Outside of several very partial descriptions of author experience she likes examples of spies… but she does not talk about having done insider information, so not clear how the story of Soviet engineer A. Tolkachev, who became a CIA spy is relevant to the subject matter, etc.
I stopped reading after 1/3-really tried for a couple of weeks as the subject is very interesting
Outside of several very partial descriptions of author experience she likes examples of spies… but she does not talk about having done insider information, so not clear how the story of Soviet engineer A. Tolkachev, who became a CIA spy is relevant to the subject matter, etc.
I stopped reading after 1/3-really tried for a couple of weeks as the subject is very interesting
Displaying 1 - 4 of 4 reviews