The Art of Attack: Attacker Mindset for Security Professionals

Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers. In The Art of Attack: Attacker Mindset for Security Professionals, experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker. The book shows you the laws of the mindset and the techniques attackers use, from persistence to "start with the end" strategies and non-linear thinking, that make them so dangerous. You'll

Perfect for red teams, social engineers, pentesters, and ethical hackers seeking to fortify and harden their systems and the systems of their clients, The Art of Attack is an invaluable resource for anyone in the technology security space seeking a one-stop resource that puts them in the mind of an attacker.

304 pages, Paperback

Published August 10, 2021

93 people are currently reading
331 people want to read

About the author

Maxie Reynolds

2 books, 1 follower

Community Reviews

5 stars: 24 (31%)
4 stars: 25 (32%)
3 stars: 18 (23%)
2 stars: 7 (9%)
1 star: 3 (3%)
Displaying 1 - 6 of 6 reviews
Woflmao
148 reviews, 16 followers
December 1, 2021
This book is about what the author calls the "Attacker Mindset" (AM), a mindset that will keep you focused on the relevant things during a Social Engineering attack on a target (usually a company). She stresses that AM will also be helpful in other types of attacks (meaning the more technical side), but the book itself is almost exclusively concerned with Social Engineering.
In principle, it is good that books such as these are written, but I feel that Social Engineers have yet to find out a good way of conveying their craft beyond the anecdotal and superficial. It is very difficult to teach things that are essentially part of someone's personality, and also in this book, you will read a lot about what the Attacker Mindset is, but not really learn the Attacker Mindset. Much of the description is common sense, and the book is also quite repetitive. In combination, it becomes a bit boring to read about halfway through.
Scott Pearson
896 reviews, 46 followers
September 19, 2023
Today, when most people hear “security,” they think of protection against hackers on the Internet. Indeed, the explosion of information available online has exposed an almost infinite number of vulnerabilities. However, many forget that every vulnerability starts with a human actor. Understanding that attacker’s psychology, therefore, provides a paramount route of defense. In this book, Maxie Reynolds, a security analyst, seeks to teach readers how to master the attacker mindset so that they can anticipate future attacks.

I work in IT, and I wanted to read this book to better anticipate cyberattacks. It did not meet that goal, lamentably, but it taught me much more about how to think about social factors that go into an attack. It taught me how to recognize when a human tries to gain secretive information. By itself, this first step can teach how to protect oneself through later actions.

Many of the examples here are from the physical world. They talk about infiltrating something like a business or an office… or talking someone into divulging information… or how acting and security relate intimately. This book does not talk in detail about attack vectors in cyberspace, though, aside from gaining reconnaissance information. Many cybersecurity professionals – and more importantly, many organizations – do not adequately address the human side of an attack well. Reynolds introduces us to specific ways to master this mindset in ourselves so that we can better defend ourselves, our workplaces, and our careers.

Although it did not fulfill my initial desires, this book taught me a lot. It began a daily habit of looking for ways that others might take advantage of vulnerabilities I present. As a main drawback, however, it overuses acronyms and jargon. She uses terms like “AMS” (Attacker Mindset) and “EA” (Ethical Attacker) way too much. She should just use the actual words so that I, as a reader, don’t have to mentally “look up” what those words mean.

As described in the subtitle, this book’s intended audience is security professionals. That’s somewhat of a misnomer. It should also be read by organizational leaders and other prime targets of attackers. Today, many of us cannot hide behind security professionals to anticipate our needs and teach us how to behave. We need to carefully apprehend the attacker mindset ourselves. This book provides an excellent way to do so. I still seek to read another book or two on technical details of cybersecurity, but Reynolds has masterfully taught me the often-overlooked psychology.

ManOfLaBook.com
1,399 reviews, 78 followers
February 28, 2026
For more reviews and bookish posts visit: https://www.ManOfLaBook.com

The Art of Attack: Most People Are Puppets – Learn to Control the Strings by Maxie Reynolds is a cybersecurity book focusing on social-engineering. Ms. Reynolds is an outstanding social-engineer, published author and… an ex-stuntwoman.

I was very excited when I bought this book after hearing the author on an episode of DarkNet Diaries; I especially wanted to know more about the underwater datacenters. Unfortunately, this book only slightly touches on that subject, but it is an interesting look into the social-engineer’s mindset.

The Art of Attack by Maxie Reynolds focuses on the discipline one needs in order to go through the “attack cycle”. Gather intel, find a pretext, find ways to approach without raising suspicions, and, just as important, how to get out.

Ms. Reynolds is super-professional and has a wide array of fascinating stories. She treats her career as a social engineer in an ethical manner, emphasizing scope, reporting, and doing right by her clients. She introduces her “Social Engineering Framework”, which is a systematic approach to the job instead of winging it, as well as the Attackers Mindset (AM), which keeps her focus on the mission at hand.

There was very little new information in the book for me, but it was interesting to read about the industry from a woman’s perspective. Her stories about physically getting into highly secured buildings and areas are engaging, and are much more interesting than “run nmap”, for example.

A lot of what she talks about is common sense and psychology 101. Fooling people is not that difficult, and once you’ve fooled them it’s almost child’s play to let them keep digging their own demise. I also found the book to be repetitive, which is fine if you want to enforce information, but I didn’t think much of it needs enforcing.

But I’ve been doing this for a few decades, so those new to the information security industry, or physical security, will find this book much more valuable than I did. If the book was anything like her interview on DarkNet Diaries, I would have gladly paid twice as much.
2 reviews
October 14, 2021
This is an excellent introduction to a practically unknown industry. At least unknown by me until a few years ago.

Maxie's conversational approach of storytelling and education is exactly what I like to see in books. Give me something I can experience mentally and trick me into learning.

Her use of humor (as well as the self-beneficial concerns about a company's security) makes reading this book easy and friendly.

I will have to read this again to solidify this newfound knowledge.
Mikhail Filatov
413 reviews, 23 followers
January 28, 2023
Really boring and repetitive with very few examples.
Outside of several very partial descriptions of author experience she likes examples of spies… but she does not talk about having done insider information, so not clear how the story of Soviet engineer A. Tolkachev, who became a CIA spy, is relevant to the subject matter, etc.
I stopped reading after 1/3 - really tried for a couple of weeks, as the subject is very interesting.
Nathan LeBlanc
8 reviews, 2 followers
February 3, 2026
If there is one part that every person should read, it's chapter 10. There is an important topic of "elite data" that everyone should have an understanding of in the current day of technology.