[Article]-Top 5 Tips To Make Social Engineering Your Career

[don]

The first of many news items for EH-Net in 2012 is that we have a brand new columnist. You all know him from his work at OffSec and then in the field of SE with his site and book. We're excited to have Chris as part of the EH-Net family. Hope you agree. Either side you fall on, let us know what you think.

Permanent link: [Article]-Top 5 Tips To Make Social Engineering Your Career

Chris Hadnagy

Over the last year social engineering has gotten a lot of press.  From the attacks on companies like Sony, HB Gary, PBS, Citibank et al to contests like the Social Engineering CTF at Defcon, it seems that social engineering has taken the front page. And rightfully so, as it is still the easiest and often most effective vector of attack.  With that in mind, many people are interested in learning what it will take to either add social engineering skills to their tool chest (either personally or as part of their red team) or even become a full-time, professional social engineer.

And that was the impetus behind Chris Hadnagy's new monthly column exclusively at The Ethical Hacker Network, how to become a professional social engineer. So to get the ball rolling, I compiled this Top 5 List to help each person make this a career path or at least add it to their present security practices. As we move through the coming months, we’ll explore the history, methodologies and practical experiments in attacking the human. It will not only be educational but eventually lucrative for you and your organizations.

Feedback is always welcomed,
Don

[lorddicranius]

Great first article!  I really enjoy listening to the Social-Engineer podcast and look forward to future articles from Chris.

As for free courses on psychology, there's a few over at Academic Earth from Yale, Berkeley, and UCLA:

http://www.academicearth.org/subjects/psychology

[Dark_Knight]

Niceeeee....as for books here is my list:

http://www.amazon.com/Its-Not-All-About-ebook/dp/B0060YIBLK/ref=sr_1_1?ie=UTF8&qid=1327540531&sr=8-1

http://www.amazon.com/Social-Engineering-Human-Hacking-ebook/dp/B004EEOWH0/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1327540603&sr=1-1

This I have not read but I hear it is very good:

http://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037702/ref=tmm_hrd_title_0?ie=UTF8&qid=1327540644&sr=1-1

I am looking forward to this series.

[alan]

Thanks for this article. Interesting to see so much interest in Bristol, UK, not far from me!


Here's a couple of links to some more material

Open University: http://www.open.edu/openlearn/body-mind/psychology

MIT Opencourseware: http://ocw.mit.edu/courses/brain-and-cognitive-sciences/


I'll also be interested in seeing the reviews for this book - Human Compromise by Mike Murr http://www.syngress.com/hacking-and-penetration-testing/Human-Compromise/ (when it comes out in a few months), but obviously, buy Chris' book/course first

[don]

Thanks for completing the homework assignment. ;-)

Anyone have questions of Chris or other resources for further study?

Don

[lorddicranius]

I thought of a quick question for Chris.  I wanted to verify some info from his site first, but it looks like they're (.org/.com) are down at the moment   I'll check again later.

[millwalll]

Cool some really good tips I recently done my first SE test for work and have written abit about it for anyone who interested.

http://jamierougive.co.uk/social-engineering-my-first-trip-out/

[lorddicranius]

Question for Chris: I've been the SE Framework posted on the social-engineer.org website, very comprehensive.  How closely does the live class relate to it?

[loganWHD]

Thank you for the great question.  The Framework is the basis for SE in my opinion.  The course follows the book more closely but with practical skills throughout the 5 days.

The Framework is closely related too, but it is not an outline for the course.

Does this help?

Are you coming to the class in Seattle?

[lorddicranius]

Yep, answers my question!

As for the Seattle class: I wish!  Seeing as how I'm only 3hrs away, it's a great location, just bad timing.  Funds are short at the moment   I really do hope that enough interest is shown from us west coasters for you to bring it back this way!

[Solinus]

Great article! Glad to see the writer added to the list of excellence here at EH Network. I look forward to reading future columns.
 I purchased his book as soon as it hit the market. Truly one of a kind; an excellent read! I dream of taking a course like his someday, but we in the northeast are on the forgotten list when it comes to great speakers and courses. Will glean what I can from these columns.

[loganWHD]

Where in the NE are you?

[3xban]

Solinus, depending on where you are, there are a few Bsides events that take place not to mention SchmooCon in DC.  We had a BSides in Meriden, CT last year as well as a 2nd event that followed the Bsides event - ExCon.  One of those will be coming back next year.  There is also Rochester Bsides and every so often Boston BSides.  I made the trip down to Delaware for their BSides 2 years in a row.  For a free Con, it is worth the gas money to travel.

We definitely have our events on this side of the country, you just need to keep an eye out.  I think there can always be more though

[loganWHD]

I plan on running one of my courses in DC/MD area.  Prolly not till 2013, but it will happen.