Practical Social Engineering

A Primer for the Ethical Hacker

By Joe Gray

Practical Social Engineering is a hands-on look at the cyber attacks that target human nature, with pentesting templates for performing SE ops, and tips for defending against them.

Description

Download Chapter 4: GATHERING BUSINESS OSINT

Social engineering is the art of capitalizing on human psychology rather than technical vulnerabilities to compromise systems. It’s an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file in an email, and even less about what an employee may say on a phone call. This book will show you how to take advantage of these ethically sinister techniques so you can better understand what goes into these attacks as well as thwart attempts to gain access by cyber criminals and malicious actors who take advantage of human nature.

Author Joe Gray, an award-winning expert on the subject, shares his Social Engineering case studies, best practices, OSINT tools, and templates for both orchestrating (ethical) attacks and reporting them to companies so they can better protect themselves. His methods maximize influence and persuasion with creative techniques, like leveraging Python scripts, editing HTML files, and cloning a legitimate website to trick users out of their credentials. Once you’ve succeeded in harvesting information on your targets with advanced OSINT methods, Gray guides you through the process of using this information to perform real Social Engineering, then teaches you how to apply this knowledge to defend your own organization from these types of attacks.

You’ll learn:

  • How to use Open Source Intelligence (OSINT) tools like Recon-ng and whois
  • Strategies for capturing a target’s info from social media, and using it to guess their password
  • Phishing techniques like spoofing, squatting, and standing up your own webserver to avoid detection
  • How to collect metrics about the success of your attack and report them to clients
  • Technical controls and awareness programs to help defend against social engineering

Fast-paced, hands-on and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.

DETAILS

May 2022, 230 pp.
ISBN-13: 9781718500983

TABLE OF CONTENTS

Introduction

Part 1: The Basics
Chapter 1: What is Social Engineering?
Chapter 2: Ethical Considerations in Social Engineering

Part 2: Offensive Social Engineering
Chapter 3: Preparing for an Attack
Chapter 4: Gathering Business OSINT
Chapter 5: Social Media and Public Documents
Chapter 6: Gathering OSINT About People
Chapter 7: Phishing
Chapter 8: Cloning a Landing Page
Chapter 9: Detection, Measurement, and Reporting

Part 3: Defending Against Social Engineering
Chapter 10: Proactive Defense Techniques
Chapter 11: Technical Email Controls
Chapter 12: Producing Threat Intelligence

Appendix A: Scoping Worksheet
Appendix B: Reporting Template
Appendix C: Information Gathering Worksheet
Appendix D: Pretexting Samples
Appendix E: Exercises to Improve Your Social Engineering

AUTHOR BIO

Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28, and recently authored the OSINT and OPSEC tools – DECEPTICON Bot and WikiLeaker.

REVIEWS

“Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers.”
— Ian Barker, BetaNews

“I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible.”
— Patrick Laverty, Layer 8 Podcast
