Book Review: Social Engineering: The Science of Human Hacking

This topic contains 3 replies, has 3 voices, and was last updated by  MTGreen 3 months, 2 weeks ago.

  • Author
    Posts
  • #168888
     BillV 
    Participant

    In his new book, “Social Engineering: The Science of Human Hacking, 2nd Edition,” Chris Hadnagy really hits the mark by providing a great overview of
    [See the full article at: Book Review: Social Engineering: The Science of Human Hacking]

  • #168926
     BillV 
    Participant

    Great book! Definitely enjoyed it. Thanks for the opportunity to write the review 🙂

  • #168929
     Don Donzal 
    Keymaster

    My pleasure. Thanks for being an active member!

    As for the book itself, I agree completely that there’s something in this for everyone. Learning how to interact with people comes naturally to some. But now that this is a science, it can be learned and practiced even by those who seemingly don’t have that talent. Getting better at being a “people person” has benefits far beyond a pen test.

    I’d love to hear stories from other EH-Netters of how social engineering skills helped not only in pen tests but also elsewhere.

    Don

  • #169067
     MTGreen 
    Participant

    Thanks for the review Bill!

    My favorite part was “Tips on avoiding a black eye.” 🙂

    I think that observation is a key element of social engineering. Pay attention to how people are prone to act, and give them an opportunity to act that way.

    I think you comments on pretexting and building a rapport are important.

    Social Engineering is a new face on the old confidence man subject. The more you person thinks they will get out of the interaction, the more likely that are to give.

    I am a coach, and fakes are a part of many sports. I have found that if an athlete fakes in a way his opponent expects him to go, the opponent bites hard. A commonly used word today outside of sports is narrative. If your actions are consistent with the subjects perspective on what should happen, you are set. Another way to put it is that people see what they want to see.

    That would suggest that reconnaissance is an important part of social engineering. Observe regular routines, and mimic them. Add a shift that is not so far out of scope to draw suspicion. The closer an action is to habit, the less thought will go into completing the action.

    From a pen testing perspective, I think it is important to look at an organization’s purposeful routines and exploit them, and also to introduce an unaddressed but predictable issue, and see how the employees respond.

    Finally, as for the art or the science. I thing the the most effective perspective is that social engineering is an art that barrows some techniques from science. The art is knowing which technique to use when, and being able to freestyle when necessary.

    Mike

You must be logged in to reply to this topic.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Copyright ©2018 Caendra, Inc.

Sign in with Caendra

Forgot password?Sign up

Forgot your details?