Social Engineering: The Science of Human Hacking

  • Create Date:2021-09-06 06:54:06
  • Update Date:2025-09-06
  • Author:Christopher Hadnagy
  • ISBN:111943338X

Summary

Harden the human firewall against the most current threats

Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker's repertoire--why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited.

Networks and systems can be hacked, but they can also be protected; when the "system" in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer's bag of tricks.

  • Examine the most common social engineering tricks used to gain access
  • Discover which popular techniques generally don't work in the real world
  • Examine how our understanding of the science behind emotions and decisions can be used by social engineers
  • Learn how social engineering factors into some of the biggest recent headlines
  • Learn how to use these skills as a professional social engineer and secure your company
  • Adopt effective counter-measures to keep hackers at bay

By working from the social engineer's playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.

Reviews

Woflmao

This is one of the few books that deals with the human element in security (mainly IT security here), known as Social Engineering (SE, for short). It begins with a short example-driven overview of the technical aspects of hacking humans (Open Source Intelligence, OSINT), but it is clear that this is not where Hadnagy's heart lies. Rather, he likes to talk/write about the aspects of SE that involve a direct interaction with humans, and about 3/4 of the book are devoted to these.

One should note that the subtitle "Science of Human Hacking" is not really appropriate, as the practice of human hacking is not science. Some scientific results are quoted in this book, mainly from psychology, but they serve to give names, categories and structure to the techniques and concepts that social engineers have been using before anyway. None of the social engineering techniques is actually developed through the application of science or by a scientific process (it would be perfectly fine to call SE an art, as in the first edition of this book).

Also, you will not learn how to be a social engineer from this book. Pulling off the kind of deceptions and manipulations necessary for this work requires some very particular personality traits, brazenness or chutzpa if you like, and very strong nerves. Maybe some of this could be learned, but not from reading a book. Nevertheless, the information in this book is valuable for anyone wishing to understand SE better, and can be useful, say, for integrating SE into a Red Team exercise or to increase security awareness in the employees of a potential target.

The text proceeds by chapter-wise addressing certain manipulation techniques and exploitations of human behaviours and feelings. It is heavily based on anecdotes to illustrate its points. Not all of these examples fit the point they are supposed to make very well, though. In some places it feels like Hadnagy simply wants to tell that particular story and then comes up with a forced reason why it should illustrate a certain point. Anyway, these anecdotes are entertaining and at least teach you something, even if it is not always what they are meant to teach. Some reviewers wrote that this is an "American-style book", meaning it is verbose, meandering and boastful. That is true. The book is clearly aimed at an American audience, and I would really like to see some of Hadnagy's more charm-driven hacking approaches tried against people from a different culture, say Germans or Russians. As an aside, there is actually an interesting aspect to this, which is not addressed in this book but in an episode of Hadnagy's podcast (the one on "baking a human cake"). A guest on this episode explains that human hacking essentially works by manipulating some basic feelings, which is independent of one's culture, but the way to go about it can depend strongly on the cultural background of your target. This might have been a good addition to the book. Another thing I found bothersome was that throughout the book, Hadnagy tries to frame SE as if the social engineer was doing something for the benefit of the target person ("make them feel better for having met you"). The idea is that you employ manipulation techniques that play on the positive feelings of your target person rather than their negative ones. Make no mistake! A social engineer is essentially a con-artist, even if he/she gets hired to do a penetration test that is ultimately for the benefit of the customer. But regardless of how you frame it, what you do is lying and manipulating people. Making a person feel better for having met you is not the same as actually making the person better. SE gets you what you want, not what your target person wants. And even if it happens in the bounds of a penetration test that helps a company improve security, the person who ultimately fell victim to the social engineer will not feel better about having been tricked, and will possibly suffer other consequences as well. The idea behind this mantra of doing good by SE is simply for social engineers to be more at peace with their work.

For a 3rd edition of this book, I would wish for the text to be more streamlined, less boastful and better structured, SE to be called an art and not a science, a take on cultural aspects of SE, and a bibliography with references for the quoted scientific works and for more in-depth exploration of some topics.

Jorge

Just OK. Written by Christopher Hadnagy, Social Engineering: The Science of Human Hacking shows an overall approach to different SE techniques and some other extra stuff here and there, however, in most of the topics he refers to other books written by (surprise, surprise) C. Hadnagy himself. The book becomes repetitive quite soon. In spite of the fact that the anecdotes show examples of the subjects being discussed, it is not very clear what the audience is supposed to be. In addition, Hadnagy makes important omissions in the reporting chapter; for example, he mentions a balance between the level of detail being included in the report, however, that really depends on the audience of the report but he never brings that up. If you're not familiar at all with SE, I'd recommend this book; otherwise, you may want to explore other books, including the ones written by C. Hadnagy.

Fermin Quant

Very informative book to learn about Social Engineering. It made me realize that I would definitely fall for a spear phishing attack done by a professional, and I am very information security aware. The book is a light read, it has good information and fun anecdotes. The purpose seems to be for aspiring social engineers, but I only read out of curiosity, and I learned a lot about this field and about how humans are and why they fall for these attacks. Worth the read.

Alexander

Good intro. The book was a great start for someone who wants to learn about SE and human psychology. I gave it 3 stars because I was expecting more psychology insight.

Chris

Social engineering has been on the rise for years, and Christopher Hadnagy is one of the great experts in this field. Accordingly, he has many exciting stories from practice to tell. The topic affects most office workers, but for that the book is unfortunately too long and too specialized. I especially liked the beginning of the book, where he gains access to a company, and the end, with its recommendations for implementing countermeasures well. In the middle, the book unfortunately lost me a little.

Iain McGonigle

Good read and insights into Social Engineering. The author presented the content well.

Ryan Crawford

This is a good book. Chris Hadnagy does a great job outlining social engineering attacks, effectiveness of the attacks and mitigation. The stories that accompanied the techniques were entertaining and Chris’s humility is something to be admired. I only wish there was a larger section on reading body language. Excellent read.

Pooja Joshi

A very interesting read, especially in a world full of advanced tech. However, the book goes over how the human element of all the tech companies make them more vulnerable to impersonation, phishing, and other kinds of attacks.

Jorge

Fun fact.

Aivars Peisenieks

Good to know and understand how one can be "studied" and influenced. Informed = Prepared

Diego

This is my second book on social engineering that I have read and God I want to learn more and to be able to enter this world of self to help

Tony WANG

According to the author, social engineering is the understanding of how humans communicate, sort of like the art of persuasion and manipulation. He gave a broad overview about the emerging field. Quite a lot of wishy washy statements like how “social engineering” can change your life and how it is important to be a “social engineer”. Nice sounding titles to throw around indeed. I am afraid that's all about it. This book is very repetitive and extremely tedious to read. Not only that, the structure of the book is all over the place. A bit of advice here, a bit of anecdotes there. In short, my key takeaway is: be careful of what you put on the Web. Someone out there can always exploit a way to track and trace your online footprints.

Johannes

A well-written and story-driven practical book on SE. In parts already knew the techniques used and in parts totally blew my mind how hackable we as humans are. A primer for defending yourself, your company and the people close to you.

Fahima

It's a book for beginners. Some of the chapters are logical and I had previously learned. It's annoying that he refers so much to his podcasts, instead of going directly to the point. But some of the tools and techniques are useful. And some of the jokes are fun. If you are beginning in security or social engineering - read it.

Matías

This is my first Social Engineering book, so I don't think I am entitled to give a strong opinion or be able to compare it. Nevertheless, I enjoyed the book, it's easy reading, but what I found most demotivating was the "non-relatableness" of the book. Most of the strategies developed in the book would never work here in Argentina. There is a huge cultural gap between US and Argentina when it comes to social engineering as it is portrayed in this book.

Zainab Al Lawati

I never knew Social Engineering is a career path. I feel I missed my calling. Not that I am good at anything mentioned in the book, but it seems as something I'll have a blast practicing and doing :D This was a very informative and motivating read, I enjoyed the stories as much as I enjoyed the techniques. The book was well organized and flowed nicely, many information I knew before but the way he presented them and supported them with examples was well done. I am probably going to purchase a physical book as opposed to the audio version I finished just to make practicing easier. Be aware my dear family 😈 If anyone in Oman is offering Social Engineering Services, please let me know :D Not that I am changing my career at all, but the service is very interesting and I couldn't find any provider in Oman.

Omar Gudiño

Excellent book, 100% recommended. Excellent book, 100% recommended; I have followed several of his books, and each one of them surprises me more with how vulnerable we humans are.

Tony

3/4 I already knew and didn’t really enjoy it. Much of the stuff was unnecessary, like comments which were not so relevant to the point that the author was making or that a social engineer needs to be motivated, not afraid to fail and so on... well duh, that’s obvious and is applied to ANY REAL WORLD PROFESSION. There were parts which were indeed useful, like trick questions and real examples of how to get what you want. Also the tools that an engineer can use were very helpful. However, that only covered a minor part of the book. This book is for beginners who have literally no clue about security.

Shmuel Shoop

Great book really takes a deep dive into social engineering

Erica Mays

A great overall intro to social engineering with links out to further resources in a variety of categories. Highly recommended!

O。E。 Tearmann

Interesting, but the writer spent a good bit too much time stating that you needed to read his book and that it is revolutionary. I started wondering what he was selling besides a book.

Ben Rothke

There is a story about Harry Houdini, that he once failed to escape from a jail cell, even though the door was unlocked. The reason he stayed trapped is that he only knew how to get out of locked doors. In the world of technology, there are indeed many locked doors, and social engineers know how to open them.

In the domain of social engineering, Christopher Hadnagy is one of the best. I’ve reviewed other books of his here, namely Social Engineering: The Art of Human Hacking, Unmasking the Social Engineer: The Human Element of Security, and Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails. In Social Engineering: The Science of Human Hacking, Hadnagy continues his exploration into the world of social engineering.

In this book, as the title implies, Hadnagy moves the topic from social engineering as an art to that of a science. The goal of a social engineer is not that far from being a con man. Where con stems from the word confidence. Be it a Three-card Monte scammer at Times Square, or a social engineer dressed up as a termite inspector; their goal is the same, to win your confidence.

Hadnagy quotes extensively from Dr. Paul Ekman, an American psychologist who specializes in the study of emotions and their relation to facial and body expressions. By mastering these expressions, the social engineer can make their attacks much more successful.

Besides Ekman, the book references the work of other psychologists including Dr. Ellen Langer, professor of psychology at Harvard University whose expertise is in the illusion of control and decision-making, neuroeconomist Dr. Paul Zak, whose work is in neuroeconomics, which is the study of decision making, and more. By building on these sciences, the social engineer can be devastatingly effective in their attacks.

As good as the science is, it is not perfect. And as good a social engineer as Hadnagy is, he fails at times. What is unique about the book is that he does not shy away from sharing those mistakes with the reader. While there are plenty of success stories in the book, he also includes disaster stories where he failed miserably. In the movies the social engineer never errs. But art in that case does not imitate life. Becoming a highly effective social engineer is something that takes time to master. For those looking to master the topic, Christopher Hadnagy is a great person to learn from and Social Engineering: The Science of Human Hacking is a great resource to take you there.