Online Book Reader

Social Engineering - Christopher Hadnagy [6]

By Root
is where the power of all this knowledge will come in.

Why This Book Is So Valuable


Many books are available on the market on security, hacking, penetration testing, and even social engineering. Many of these books have very valuable information and tips to help their readers. Even with all that information available, a book was needed that takes social engineering information to the next level and describes these attacks in detail, explaining them from the malicious side of the fence. This book is not merely a collection of cool stories, neat hacks, or wild ideas. This book covers the world’s first framework for social engineering. It analyzes and dissects the very foundation of what makes a good social engineer and gives practical advice on how to use these skills to enhance the readers’ abilities to test the biggest weakness—the human infrastructure.

The Layout

This book offers a unique approach to social engineering. It is structured closely to the in-depth social engineering framework found at www.social-engineer.org/framework. This framework outlines the skills and the tools (physical, mental, and personality) a person should strive to possess to be an excellent social engineer.

This book takes a “tell and show” approach by first presenting a principle behind a topic, then defining, explaining, and dissecting it, and then showing its application using collections of real stories or case studies. This is not merely a book about stories or neat tricks, but a handbook, a guide through the dark world of social engineering.

Throughout the book you can find many Internet links to stories or accounts as well as links to tools and other aspects of the topics discussed. Practical exercises appear throughout the book that are designed to help you master not only the social engineering framework but also the skills to enhance your daily communications.

These statements are especially true if you are a security specialist. As you read this book, I hope to impress upon you that security is not a “part-time” job and is not something to take lightly. As criminals and malicious social engineers seem to go from bad to worse in this world, attacks on businesses and personal lives seem to get more intense. Naturally, everyone wants to be protected, as evidenced by the increase in sales for personal protection software and devices. Although these items are important, the best protection is knowledge: security through education. The only true way to reduce the effect of these attacks is to know that they exist, to know how they are done, and to understand the thinking process and mentality of the people who would do such things.

When you possess this knowledge and you understand how malicious hackers think, a light bulb goes off. That proverbial light will shine upon the once-darkened corners and enable you to clearly see the “bad guys” lurking there. When you can see the way these attacks are used ahead of time, you can prepare your company's and your personal affairs to ward them off.

Of course, I am not contradicting what I said earlier; I believe there is no way to truly be 100% secure. Even top-secret, highly guarded secrets can be and have been hacked in the simplest of manners.

Look at the archived story at www.social-engineer.org/resources/book/TopSecretStolen.htm, from a newspaper in Ottawa, Canada. This story is very interesting, because some documents ended up in the wrong hands. These weren’t just any documents, but top-secret defense documents that outlined things such as locations of security fences at the Canadian Forces Base (CFB) in Trenton, the floor plan of the Canadian Joint Incident Response Unit, and more. How did the breach occur? The plans were thrown away, in the trashcan, and someone found them in the dumpster. A simple dumpster dive could have led to one of that country’s largest security breaches.

Simple-yet-deadly attacks are launched every day and point to the fact that people need education; need to change the way they adhere to password policies and the way they handle remote access to servers;
