An ethical introduction to social engineering, an attack technique that leverages psychology, deception, and publicly available information to breach the defenses of a human target in order to gain access to an asset. Social engineering is key to the effectiveness of any computer security professional.
Introduction
Part 1: The Basics
Chapter 1: What is Social Engineering?
Chapter 2: Ethical Considerations in Social Engineering
Part 2: Offensive Social Engineering
Chapter 3: Preparing for an Attack
Chapter 4: Gathering Business OSINT
Chapter 5: Social Media and Public Documents
Chapter 6: Gathering OSINT About People
Chapter 7: Phishing
Chapter 8: Cloning a Landing Page
Chapter 9: Detection, Measurement, and Reporting
Part 3: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Chapter 11: Technical Email Controls
Chapter 12: Producing Threat Intelligence
Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information Gathering Worksheet
Appendix D: Pretexting Samples
Appendix E: Exercises to Improve Your Social Engineering
Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28, and recently authored the OSINT and OPSEC tools DECEPTICON Bot and WikiLeaker.
"Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers."
-Ian Barker, BetaNews
"I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible."
-Patrick Laverty, Layer 8 Podcast