| |
Cover |
1 |
|
| |
Title Page |
5 |
|
| |
Copyright |
6 |
|
| |
About the Author |
9 |
|
| |
About the Technical Editor |
9 |
|
| |
Credits |
11 |
|
| |
Acknowledgments |
13 |
|
| |
Contents |
17 |
|
| |
Foreword |
21 |
|
| |
Preface |
23 |
|
| |
1 A Look into the New World of Professional Social Engineering |
25 |
|
| |
What Has Changed? |
26 |
|
| |
Why Should You Read This Book? |
28 |
|
| |
An Overview of Social Engineering |
30 |
|
| |
The SE Pyramid |
35 |
|
| |
OSINT |
35 |
|
| |
Pretext Development |
36 |
|
| |
Attack Plan |
36 |
|
| |
Attack Launch |
36 |
|
| |
Reporting |
36 |
|
| |
What’s in This Book? |
38 |
|
| |
Summary |
39 |
|
| |
2 Do You See What I See? |
41 |
|
| |
A Real-World Example of Collecting OSINT |
41 |
|
| |
Nontechnical OSINT |
46 |
|
| |
Observational Skills |
46 |
|
| |
Technical Open Source Intelligence |
56 |
|
| |
Two Other Things |
76 |
|
| |
Tools of the Trade |
83 |
|
| |
SET |
83 |
|
| |
IntelTechniques |
83 |
|
| |
FOCA |
84 |
|
| |
Maltego: The Granddaddy of Them All |
84 |
|
| |
Summary |
85 |
|
| |
3 Profiling People Through Communication |
87 |
|
| |
The Approach |
90 |
|
| |
Enter the DISC |
92 |
|
| |
What Is DISC? |
93 |
|
| |
To Know Thyself Is the Beginning of Wisdom |
95 |
|
| |
Summary |
104 |
|
| |
4 Becoming Anyone You Want to Be |
107 |
|
| |
The Principles of Pretexting |
108 |
|
| |
Principle One: Thinking Through Your Goals |
109 |
|
| |
Principle Two: Understanding Reality vs. Fiction |
111 |
|
| |
Principle Three: Knowing How Far to Go |
112 |
|
| |
Principle Four: Avoiding Short-Term Memory Loss |
115 |
|
| |
Principle Five: Getting Support for Pretexting |
118 |
|
| |
Principle Six: Executing the Pretext |
119 |
|
| |
Summary |
122 |
|
| |
5 I Know How to Make You Like Me |
125 |
|
| |
The Tribe Mentality |
127 |
|
| |
Building Rapport as a Social Engineer |
129 |
|
| |
The Moral Molecule |
130 |
|
| |
The 10 Principles of Building Rapport |
131 |
|
| |
The Rapport Machine |
144 |
|
| |
Use the Friends and Family Plan |
144 |
|
| |
Read |
144 |
|
| |
Take Special Note of Failures |
145 |
|
| |
Summary |
145 |
|
| |
6 Under the Influence |
147 |
|
| |
Principle One: Reciprocity |
149 |
|
| |
Reciprocity in Action |
149 |
|
| |
Using Reciprocity as a Social Engineer |
151 |
|
| |
Principle Two: Obligation |
152 |
|
| |
Obligation in Action |
152 |
|
| |
Using Obligation as a Social Engineer |
154 |
|
| |
Principle Three: Concession |
155 |
|
| |
Concession in Action |
155 |
|
| |
Using Concession as a Social Engineer |
157 |
|
| |
Principle Four: Scarcity |
158 |
|
| |
Scarcity in Action |
159 |
|
| |
Using Scarcity as a Social Engineer |
159 |
|
| |
Principle Five: Authority |
161 |
|
| |
Authority in Action |
163 |
|
| |
Using Authority as a Social Engineer |
164 |
|
| |
Principle Six: Consistency and Commitment |
166 |
|
| |
Consistency and Commitment in Action |
166 |
|
| |
Using Commitment and Consistency as a Social Engineer |
168 |
|
| |
Principle Seven: Liking |
170 |
|
| |
Using Liking as a Social Engineer |
171 |
|
| |
Principle Eight: Social Proof |
172 |
|
| |
Social Proof in Action |
173 |
|
| |
Using Social Proof as a Social Engineer |
173 |
|
| |
Influence vs. Manipulation |
175 |
|
| |
Manipulation in Action |
175 |
|
| |
Principles of Manipulation |
177 |
|
| |
Summary |
180 |
|
| |
7 Building Your Artwork |
181 |
|
| |
The Dynamic Rules of Framing |
183 |
|
| |
Rule 1: Everything You Say Evokes the Frame |
186 |
|
| |
Rule 2: Words T hat Are Defined with the Frame Evoke the Frame |
188 |
|
| |
Rule 3: Negating the Frame |
189 |
|
| |
Rule 4: Causing the Target to T hink About the Frame Reinforces the Frame |
190 |
|
| |
Elicitation |
192 |
|
| |
Ego Appeals |
192 |
|
| |
Mutual Interest |
194 |
|
| |
Deliberate False Statement |
196 |
|
| |
Having Knowledge |
198 |
|
| |
The Use of Questions |
201 |
|
| |
Summary |
206 |
|
| |
8 I Can See What You Didn’t Say |
207 |
|
| |
Nonverbals Are Essential |
208 |
|
| |
All Your Baselines Belong to Us |
211 |
|
| |
Be Careful of Misconceptions |
214 |
|
| |
Know the Basic Rules |
218 |
|
| |
Understand the Basics of Nonverbals |
220 |
|
| |
Comfort vs. Discomfort |
222 |
|
| |
Anger |
222 |
|
| |
Disgust |
225 |
|
| |
Contempt |
227 |
|
| |
Fear |
229 |
|
| |
Surprise |
231 |
|
| |
Sadness |
235 |
|
| |
Happiness |
239 |
|
| |
Summary |
244 |
|
| |
9 Hacking the Humans |
247 |
|
| |
An Equal Opportunity Victimizer |
248 |
|
| |
The Principles of the Pentest |
249 |
|
| |
Document Everything |
252 |
|
| |
Be Judicious with Pretexts |
252 |
|
| |
Phishing |
253 |
|
| |
Educational Phishing |
253 |
|
| |
Pentest Phishing |
254 |
|
| |
Spear Phishing |
255 |
|
| |
Phishing Summary |
256 |
|
| |
Vishing |
257 |
|
| |
Credential Harvesting |
257 |
|
| |
Vishing for OSINT |
259 |
|
| |
Vishing for Full Compromise |
260 |
|
| |
Vishing Summary |
263 |
|
| |
SMiShing |
264 |
|
| |
Impersonation |
265 |
|
| |
Planning an Impersonation Pentest |
266 |
|
| |
Considerations of Sanitization |
268 |
|
| |
Equipment Procurement |
269 |
|
| |
Impersonation Summary |
270 |
|
| |
Reporting |
270 |
|
| |
Professionalism |
271 |
|
| |
Grammar and Spelling |
272 |
|
| |
All the Details |
272 |
|
| |
Mitigation |
272 |
|
| |
Next Steps |
273 |
|
| |
Top Questions for the SE Pentester |
274 |
|
| |
How Can I Get a Job Being a Social Engineer? |
274 |
|
| |
How Do I Get My Clients to Do SE Stuff? |
275 |
|
| |
How Much Should I Charge? |
277 |
|
| |
Summary |
278 |
|
| |
10 Do You Have a M.A.P.P.? |
281 |
|
| |
Step 1: Learn to Identify Social Engineering Attacks |
283 |
|
| |
Step 2: Develop Actionable and Realistic Policies |
285 |
|
| |
Take the Thinking out of the Policy |
285 |
|
| |
Remove the Ability for Empathy Bypasses |
286 |
|
| |
Make Policies Realistic and Actionable |
287 |
|
| |
Step 3: Perform Regular Real-World Checkups |
288 |
|
| |
Step 4: Implement Applicable Security-Awareness Programs |
290 |
|
| |
Tie It All Together |
291 |
|
| |
Gotta Keep ’Em Updated |
292 |
|
| |
Let the Mistakes of Your Peers Be Your Teacher |
294 |
|
| |
Create a Security Awareness Culture |
295 |
|
| |
Summary |
298 |
|
| |
11 Now What? |
301 |
|
| |
Soft Skills for Becoming an Social Engineer |
301 |
|
| |
Humility |
302 |
|
| |
Motivation |
302 |
|
| |
Extroverted |
302 |
|
| |
Willingness to Try |
303 |
|
| |
It Really Works! |
303 |
|
| |
Technical Skills |
304 |
|
| |
Education |
305 |
|
| |
Job Prospects |
307 |
|
| |
Start Your Own Company |
307 |
|
| |
Get Hired by a Pentest Company |
307 |
|
| |
Get Hired by a Social Engineering Company |
308 |
|
| |
The Future of Social Engineering |
308 |
|
| |
Index |
311 |
|
| |
EULA |
322 |
|
