Practical Social Engineering A Primer for the Ethical Hacker

A guide to hacking the human element.

Even the most advanced security teams can do little to defend against an employee clicking a malicious link, opening an email attachment, or revealing sensitive information in a phone call. Practical Social Engineering will help you better understand the techniques behind these social engineering attacks and how to thwart cyber criminals and malicious actors who use them to take advantage of human nature.

Joe Gray, an award-winning expert on social engineering, shares case studies, best practices, open source intelligence (OSINT) tools, and templates for orchestrating and reporting attacks so companies can better protect themselves. He outlines creative techniques to trick users out of their credentials, such as leveraging Python scripts and editing HTML files to clone a legitimate website. Once you’ve succeeded in harvesting information about your targets with advanced OSINT methods, you’ll discover how to defend your own organization from similar threats.
 
You’ll learn how to: 

Apply phishing techniques like spoofing, squatting, and standing up your own web server to avoid detection 

Use OSINT tools like Recon-ng, theHarvester, and Hunter 

Capture a target’s information from social media 

Collect and report metrics about the success of your attack 

Implement technical controls and awareness programs to help defend against social engineering

 
Fast-paced, hands-on, and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.
 

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior OSINT Specialist at Qomplx, Inc. and previously maintained his own blog and podcast called Advanced Persistent Security. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. As a member of the Password Inspection Agency, Joe has placed 2nd in the HackFest Quebec Missing Persons CTF powered by TraceLabs, 2nd in the BSides Atlanta OSINT CTF, and 3rd Place in the 2018 & 2019 NOLACon OSINT CTFs. Joe has independently placed 2nd in the HackFest Quebec SECTF, 4th Place in the DerbyCon OSINT CTF, and 2nd Place in Hacker Jeopardy at Hack in Paris. Joe has contributed material for the likes of TripWire, AlienVault, ITSP Magazine, CSO Online, Forbes, and Dark Reading as well as his own platforms.

Introduction

Part 1: The Basics
Chapter 1: What is Social Engineering?
Chapter 2: Ethical Considerations

Part 2: Offensive Social Engineering
Chapter 3: Preparing to Attack
Chapter 4: Business OSINT
Chapter 5: Social Media and Public Documents
Chapter 6: People OSINT
Chapter 7: Phishing
Chapter 8: Building Landing Pages for Phishing
Chapter 9: Detection, Measurement, and Reporting

Part 3: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Chapter 11: Technical Email Controls
Chapter 12: Producing Threat Intelligence

Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information Gathering Worksheet
Appendix D: Pretexting Samples
Appendix E: Social Engineering Exercises