
Social Engineering: The Art of Human Hacking


The first book to reveal and dissect the technical aspect of many social engineering maneuvers. From elicitation, pretexting, influence and manipulation, all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unravel the mystery in social engineering. Kevin Mitnick--one of the most famous social engineers in the world--popularized the term "social engineering." He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

* Examines social engineering, the science of influencing a target to perform a desired task or divulge information
* Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
* Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers--now you can do your part by putting to good use the critical information within its pages.


30 reviews for Social Engineering: The Art of Human Hacking

  1. 5 out of 5

    Todd

    Let me start by saying that Social Engineering is one of the two areas of information security where I have specialized (in addition to application security), so I was looking forward to this book, and, undoubtedly, I set my expectations too highly. Here is a big part of where my excitement originated: this book is one of the first books to pull together commentary on the types of things social engineers have known and been doing. This book, as well as social-engineer.org and _No Tech Hacking_, are essentially pioneers at getting these techniques, tips, and tactics collected beyond an anecdotal way. That said, it was badly put together:

    * Numerous assertions were not fact-checked (some having been repeatedly debunked)
    * The audience wasn't clear, and seemed to mutate
    * Commentary meandered, went off-topic, and even repeated itself in unhelpful ways
    * The use of quotes, anecdotes, and studies seemed haphazard
    * Long web links were written out in the book, instead of shortened ones
    * etc.

    For most of the above, I can't totally blame the author, who was coming to this as a Social Engineering subject matter expert, not a writer, but the publisher or editor should have been on top of those things. What was probably most frustrating about the aforementioned items, however, is that the book could spend so much time on the arts of persuasion, and fully fail to execute them in text.

    As far as the content (assuming an editor or ghost-writer could have given it flow and cohesion), most of the information was 5-15+ years old. To be fair, however, this is not totally an indictment of the book, but also of the security industry as a whole, which is primarily an artifact of our collective tendency to revel in our exploits rather than put effort and attention into addressing the problems that lead to easy social engineering (or other security) exploits. (Note: this trend is repeated in this book, too, with 24 of 382 pages being about "Prevention and Mitigation".) In the end, this book was due back at the library, so, while I read over half of it, I ended up skimming the rest. It wasn't worth checking out again.

  2. 4 out of 5

    Simone

    I first became aware of the concept of Social Engineering when I read and I was blown away! It was very exciting – that guy has GUTS! I wanted to read more about the technique, not necessarily with the goal of learning how to social-engineer people in mind, but rather to try and recognize the signs so I can detect if ever I am being social-engineered! This book is quite thorough and there is no denying the material is interesting, but I found it too long. There was too much “telling me about what I’m about to read” which I found completely redundant and annoying. Don’t tell me about what you are going to write, just write it and let me read it!! Aside from that complaint, the book had me hooked.

  3. 5 out of 5

    Trav

    An easy read. The audience is not clear, but I do not believe it needs to be. The fact that the author repeatedly talks throughout about techniques you can use to social engineer, but then closes the book out with a chapter on "Prevention and Mitigation" highlighted, to me, that the book was designed more as a wake-up call to those, like the CEO he mentions in one of his case studies, that believe themselves immune from the potentially negative effects of social engineering. I find it interesting that the author talks at length about the use of cloned sites and the use of malicious code on websites as a tool for the social engineer, and then directs the reader to specific sites and .pdf files throughout the book. I am not sure if I am imputing too much to the author's strategy in writing the book, but I find the willingness to look at those websites and find those .pdfs to be an interesting example of social engineering in and of itself. In sum: the book was depressingly informative and thought provoking. I think that it does offer an effective wake-up call, but can also have the effect of making those prone to paranoia flip out. I also note the irony of writing a review of a social engineering book on a website which in turn is an avenue for social engineering.

  4. 4 out of 5

    Sebastian Gebski

    3-3.5 stars. Book contains plenty of useful information, but I didn't like it at all ;/ Why?

    1. Narrator in Audible version was far too monotonous & made even the most interesting cases sound dull.
    2. Book is too repetitive, while at the same time it lacked clear structure -> this deepens the feeling of repetition.
    3. Author does a lot of 'cheap' NLP on the reader -> too easy to look through & too annoying ("next, you'll read about the best & most fascinating techniques of influence and manipulation that will blow your mind!!!" - sort-of-style).
    4. Author ain't just inspired by classics, he explicitly quotes techniques & even full cases (!) - e.g. from Mitnick's "Art of Deception". Well, he doesn't hide it (quite the contrary), but it also means that if you've read Cialdini, Mitnick & some NLP stuff, you won't find anything really new (or refreshing) here.

    So, if you haven't read anything on SE until now, it's a good starter - easy read, comprehensive enough, very practical. Sometimes confusing (author can't decide whether it's supposed to serve white-hat SEs or individuals who should raise their awareness), but still useful. If you've already read something OR you want to start with a more comprehensive psychological approach, start with Cialdini ("Influence" should go first).

  5. 5 out of 5

    Aija

    A typical American-style book - too much repetition and redundancy of words. Other than that, it is a nice systematic review of social engineering methods. And while reading this book I realized why we shouldn't share every bit of information about ourselves in social networks (it's not like I didn't know it, but now I understand it). However, not sharing information on social networks also is information that can be used, so I conclude with the same as the author: security through education. Need to be aware of this.

  6. 5 out of 5

    Ryan Lackey

    This book is far from perfect, but it is the best book I’ve found on how-to social engineering as an overall field vs either a bunch of case studies or narrow guides to specific techniques. The biggest problem was using the same set of examples to illustrate multiple ostensibly distinct techniques — admittedly a lot of the distinctions were arbitrary to begin with — and the structure of the book wasn’t as clear as it could be. However, this book (and the author’s other resources on the Internet) are great resources for interested individuals, non-SE security people, or administrators.

  7. 4 out of 5

    Vlad

    Decent book if this is one's first interaction with the topic. If not, the repetitive, meandering and occasionally off-topic commentary coupled with a hefty amount of outdated information, plus the long internet links thrown in together with the text, instead of in an appendix, will make it a difficult read at times. With these shortcomings aside, I did appreciate the topics on information gathering, microexpressions, the description of Kali Linux's (still called Backtrack when the book was written) tools that are oriented towards social engineering, and some of the case studies.

  8. 5 out of 5

    Abbas

    Arm yourself with knowledge. This book looked to me like it has broken human relations down into fine pieces and made it easy to understand. The book bases its arguments on research the author's team and other psychologists have conducted as well as public experiments and events. The one thing this book was, to me, lacking was examples from history.

  9. 5 out of 5

    vadász szőlő

    I found that this book is very interesting. After reading this book I watched the television show that the author made about the same thing. While reading this book I learned about social engineering and how to use and manipulate people using the tactics used in the book. The book also is a good thing to learn about to protect yourself from the people trying to hurt or scam me using the tactics in the book. This book shows how to make people do what you want to do, while also making them think it's their idea and to make them think that it will also benefit them, but actually is putting them at a disadvantage, giving me or the attacker the advantage. The book also shows how to infiltrate corporations to get information. From reading this book it has shown me the light in the dark and now when I grow up I want to use this info in a job in the future. This book has sparked an interest in me to find more about social engineering as a hobby and as a job. I will only use this book's information to do good and not for evil intent. I believe everyone should read this book. It shows how to protect yourself from people who want to harm you by showing how to prevent it. To keep your information, and possibly company, safe from harm's way.

    "If you know the enemy and know yourself you need not fear the results of a hundred battles." —Sun Tzu (Page 25)
    "War is ninety percent information." —Napoleon Bonaparte (Page 47)

  10. 4 out of 5

    Wael Ghnimi

    I enjoyed reading the book. Those who listen to the social engineering podcast, in which the author takes part, will find in the book most of the topics dealt with in the first twenty-something podcast episodes. This book is the written witness of the spirit present in the social-engineer podcast.

    SE book highlights: In this post, I fly over, following a very personal route, the main ideas that the 9 chapters of this book contain. The book is easy to read. Every chapter conveys some summary points plus a brief summary at the end. This facilitates the identification of the learning points. The lessons learnt are applicable in almost every aspect of our lives. By no means does this summary aim to replace the reading of the book. On the contrary, this is a book I recommend reading, not only to information security professionals, but also to anyone interested in knowing how human beings tick. This book is a valuable tool when modelling human behaviour. Actually, if there is intelligent life in outer space and they need to liaise with humans, this is one of the books that they need to read so that they can understand humans.

    Chapter 1 - Introduction to social engineering. This first chapter describes the different types of social engineers. Interesting point: governments are also social engineering actors.

    Chapter 2 - Information gathering. Chapter 2 mentions information gathering tools like BasKet and Dradis. There are also two telling examples, the USB example mixed with an encounter in a cafe and the stamp collector story. Some points that I highlight are the following: interesting their message that everyone can have different personal realities (page 44). Most of the time people want to help (page 52).

    Chapter 3 - Elicitation. Elicitation is non-threatening and it is very successful (page 58). It is eye-opening to know that a simple light conversation is all it takes to get some of the best information out of many people (page 58). This chapter mentions the intricacies of elicitation, such as how preloading the target with info or ideas on how we wanted them to react to certain info is a good start (page 62). They mention an example related to "how to convince your partner to go for dinner to a steak house" (page 62) - it is worth reading - would that really work? A basic way of elicitation is to start a conversation with "I would like to tell you a really funny story" (page 63). The author also mentions the concept of preloading. From a social engineering (SE) viewpoint, "preloading involves knowing your goals before you start". Expressing a mutual interest is more powerful than appealing to someone's ego: another important learning point (page 67). More information on elicitation can be found in the social-engineer.org site. Some of the elicitation techniques that the book mentions are:

    * Appealing to one's ego.
    * Expression of mutual interest.
    * Deliberate false statements.
    * Volunteering information.
    * Assumed knowledge.
    * The effects of alcohol (not a different technique but equally effective).
    * Open ended questions, what do you think of the weather today?

    Let's define some concepts that the book presents: Elicitation is the process of extracting information from something or someone. Read the definition on the social-engineer.org site. Pretexting is the act of creating an invented scenario to persuade a targeted victim to release information or perform some action. Preloading is influencing subjects before the event. Think about a movie's pre-release trailers. They use desired outcome words such as “The best film you have ever seen!” This technique works great when introducing anything. Preloading is a component of a social engineer attack. Some of the techniques the author mentions are:

    * Use open-ended questions to obtain detailed information (page 70).
    * Closed-ended questions are appropriate to lead the target to a goal (page 72).
    * Asking people a leading question in order to manipulate their memory (page 73).
    * Assumptive questions - you need knowledge beforehand so they need to be used with care (page 73).

    Chapter 4 - Pretexting. The ideas mentioned around pretexting, i.e. creating the background story that makes up the character you will be for the social engineering audit, rotate on these points:

    * On the Internet you can be anyone you want to be.
    * Create a scenario where people are comfortable with providing information they would normally not provide.
    * Practice makes a good pretext.
    * Self-confidence is always related to a situation.
    * Cognitive dissonance: people have the tendency to seek consistency among beliefs, opinions and cognitions.
    * Dialect - you need to master the right pretexting dialect - at least spend some time listening to people in public talking to each other. Play it back later (from the recorder); this is recommendable.
    * Use an outline script.
    * Use sounds from e.g. thrivingoffice.com.
    * Do not try to make the pretext elaborate.
    * Keep yourself within the legal arena.

    Chapter 5 - Mind tricks. According to this chapter, we need to identify the target's dominant way of thinking. The author refers to Dr. Paul Ekman. He showed that emotions are universal across cultures and biological backgrounds. He worked with basic emotions through the microexpressions that show those emotions. However, these skilled people could show those microexpressions at a different time. This chapter mentions a possible way to overcome the client's reluctance to communicate: we need to identify whether they are a fan of sight, hearing or feeling (the site www.examiner.com is mentioned as a source of info). We also need to try to identify deception by identifying contradiction, hesitation and changes in behaviour and hand gestures. Some of the NLP language patterns to influence change on interlocutors have to do with the voice tone (site mentioned: planetnlp.com). There is also a general recommendation to watch for a group of signs and not only one sign to determine the baseline of our interlocutor. A set of leads on which we have to focus are microexpressions, body language cues, changes in verb tense and person use. An example of anchoring is linking a statement of a like kind with a certain gesture. A valuable fact: people retain less than 50% of what they hear. As smart interlocutors, we need to react to the message, not to the person. For example, a way to state something could be "it sounds to me like you are" rather than using "you are" alone. While practicing all these techniques, we need to develop a genuine interest and let the other person talk about herself until she gets bored of it. Let's remember that people's fundamental needs are:

    * Love/connecting
    * Power/significance
    * Freedom/responsibility
    * Fun/learning

    * The effect of young star photos
    * Breathe at the same pace as your target
    * People like people who are like themselves
    * Human buffer overflow = law of expectation + mental padding + embedded roles

    Chapter 6 - Influence: the power of perception. This chapter mentions concepts such as "kill them (verbally) with kindness", scarcity and concessions and again that simply asking the target a question can lead to amazing results. We can manipulate attention through the use of scarcity. Let's remember that people are driven to desire that which is hard to obtain. Chapter 6 lists these types of authority:

    * Legal authority.
    * Organisational authority.
    * Social authority (in western countries, clothing, cars and titles).

    The author also describes the value of commitment and consistency with actions (e.g. people are more prone to help you when you leave a bag unattended if you previously ask someone to look after it) and some additional ideas such as:

    * Liking (people like people who like them).
    * People need to be liked; they change their behaviour to be liked by others.
    * Good-looking people succeed more than not good-looking people.
    * Humans attribute more good traits and skills to good-looking people.

    Chapter 7 - The tools of the social engineer. We can read about lock picking, intelligence gathering using public sources, tools like Maltego, SET and password profilers.

    Chapter 8 - Case studies: dissecting the social engineer. This chapter provides a valuable set of examples coming from the author and from Mr Mitnick himself.

    Chapter 9 - Prevention and mitigation. The bottom line: prevention and mitigation means creating a personal security awareness culture and the importance of developing scripts and being aware of the criticality of the information you are dealing with.

  11. 5 out of 5

    Sal Coraccio

    A well done overview with added depth in key areas - overall, an excellent resource for any IT professional and will provide utility for a penetration tester looking to strengthen the person-to-person attack vector. This book is probably best served as paper, versus audio - or at least supplemented with the actual book. This is partly due to the many lists and references and partly due to the off-putting narration. It wasn't bad, but "good" isn't quite the right word either. This book and further study (and practice) in the areas outlined are a means to becoming a more effective penetration tester. To the accusers that Hadnagy is presenting tools for manipulation, and criticizing him for that... you are missing the point. Attackers will use whatever means, ethical or not, to infiltrate a company's infrastructure. NLP, framing, microexpressions - all of the tools and techniques covered in this book. And they will use others only partly acknowledged in this book, such as blackmail and other means of social leverage. Understanding that "manipulating" humans is common in this field is vital to defense against them. It is ironic that most people are manipulated on a daily basis by advertisers and governments, yet can't come to terms with the methods in the context of information security. This isn't conspiracy theory - it is business.

    Anyway - great book for understanding the challenges of IT security, particularly for the understanding of human vulnerabilities in order to deliver network infiltration devices and software.

  12. 4 out of 5

    Amir Tesla

    This book contains the basic principles of S.E. The very downside of it though, is that the information provided in each domain is too trivial. Once you hit a new chapter and have a glance at the title you would say wow it must be very interesting, but as you proceed along the content you get disappointed since many things stay opaque. Interesting topics that can be used in an SE process are introduced, like elicitation, framing, persuasion techniques, NLP etc., but you cannot grasp the whole idea by reading the corresponding topic in the book and you must refer to a stronger book in that regard. I would recommend this book as a very basic introduction and guideline to those who are interested in SE.

  13. 4 out of 5

    Jonathan Jeckell

    While the US government is fixated with all things cyber, this book shows how physical and technical security systems can easily be bypassed. It mainly trends to following professional penetration testers, but also provided insight into improving your ability to influence others, as well as protect yourself from predatory manipulation, like hoaxes, scams, spear phishing, etc. The part about how woefully inadequate most corporate information awareness courses are made me laugh out loud since it pretty much nailed US DoD's abysmally boring and useless marathon that most people just click through. It provided very savvy advice on how to provide your organization with effective information assurance training.

  14. 5 out of 5

    Weston

    This was an excellent book. Normally, I don't read books like this one cover to cover. I browse through them, looking at interesting parts, and then they sit on my shelf until I want to reference something in them. That almost happened with this book. I read about half way through it back in March, and then started reading some other things. About a week ago, I picked it back up and had a hard time putting it down. The explanations in the book are great, and the material is fascinating. It is scary how easily people give out information. I would definitely recommend this book to anyone interested in social engineering, or influence/manipulation.

  15. 4 out of 5

    R.Z.

    Christopher Hadnagy's worldview is suspect. Under the guise of showing his readers how to prevent falling prey to shysters trying to defraud them, he is really teaching his readers how to manipulate and fool people into doing what is wanted. Again and again he exhorts his readers to not break the law, yet much of what he recommends would be considered unethical and immoral by anyone who believes in respect for others. Bad stuff.

  16. 5 out of 5

    Takedown

    This book is just amazing!!! So much valuable information, very fun and easy to read! Priceless! A must read if you do security audits or are just interested in social engineering! This is also one of the best psychological books, so worth a look even if you're not interested in IT.

  17. 5 out of 5

    Joycec

    This book gives a good overview of how we get hacked and/or taken advantage of. It's great insight into how trusting we can be and how others can use this to exploit us. There are parts that are way too technical for most of us but overall the book was worth reading.

  18. 5 out of 5

    Douglas Matthews

    Chris Hadnagy provides an excellent primer into the world of social engineering. If you want to understand the threat, learn to think how the bad guys think. Plus, there are many aspects of social engineering that have perfectly legitimate uses and purposes in ordinary personal and business life.

  19. 4 out of 5

    Dgg32

    Nice facts, useful tips.

  20. 4 out of 5

    Jose

    Not bad. It was not as academic as I was thinking at first; it was more on the entertaining side.

  21. 5 out of 5

    Dan

    I thought "Art of Deception" was the best book out there on the subject of social engineering, and then I read this.... Outstanding.

  22. 4 out of 5

    John

    Interesting, but way too credulous on the NLP nonsense.

  23. 5 out of 5

    Miguel Dominguez

    This book purports to be an educational resource for learning social engineering: that is, manipulating people into gaining access to their secure information. It's meant as a guide for penetration testers who want to sell their services to security conscious companies. The problem is that this book is not really a useful textbook. Reading it is like spending an evening having a conversation with a social engineer where he tells you all his tips and tricks. At a high level you get the concepts, but you have no chance of just running out and applying it. Most of the concepts the author says to "just practice." Maybe that's true. Maybe social engineering is just having good social skills and knowing how to exploit people's natural tendencies. At which point this book is maybe 200 pages too long. The low point in this book is towards the middle, which talks about the psychology of manipulation. This person is not a trained psychologist, but he appears to try to read the literature. That said, he isn't able to sell his understanding. At worst, some of it sounds like pseudoscience. Still, there are a lot of fun anecdotes about the author's exploits breaking into companies. It does seem chilling how many vectors social engineers have to exploit. I think everyone who reads this will find something they do that leaves them open to exploitation. It is an eye opener, even if it doesn't teach you the trade particularly well.

  24. 5 out of 5

    Liz Mclean-Knight

    This is a pretty good intro to SE, and some nice anecdotes are thrown in along the way. If you've already been studying the topic, a lot of it is redundant, but I can see it being a nice thing to have one's employees read in order to take SE seriously as a security issue. He touches on microexpressions and Neurolinguistic Programming (NLP) in deceptive conversations, but these are very surface-level discussions. Here are a few resources I've found on various subjects that are more deep-dives:

    Body Language
    - What Every BODY is Saying - Navarro [Good intro]
    - The Definitive Book of Body Language - Pease [A visual glossary]
    - Body Language Success [Analyzing body language and microexpressions in news and celebrity video clips]

    Persuasion
    - Never Split the Difference - Voss [Negotiating]
    - Get Anyone to Do Anything - Lieberman
    - The Science of Influence - Hogan
    - How to Talk to Anyone - Lowndes [Rapport, charisma]

    Neurolinguistic Programming
    - NLP Workbook - O'Connor
    - Pitch Anything - Klaff

    Physical Tools
    - How to Open Locks with Improvised Tools - Konkel

    Social Engineering
    - The Art of Deception - Mitnick [SE scripts and anecdotes]

  25. 4 out of 5

    Mike

    I picked up the book with the intent of learning more about Social Engineering and how I could defend against bad actors. It sounded like the author knew his subject and was sharing. But the author needs a better editor. The focus of the book wanders, so that on the same page the tone is for a person like me and then a couple paragraphs later, for someone who wants to be a social engineering auditor. I'd be fine either way, but the constant flopping around made for difficult reading. (The biggest omission: in the beginning the text states there is an appendix, but there isn't.) The stories are the best part, though there isn't a solid narrative to support them. Tidbits spring up out of nowhere, then are not connected to the next page. I think a lot could have been discussed around its numerous educational stories. That would have been much better. In the end, I learned about the author's website and the surface of social engineering. This could be seen as a primer, but it doesn't have the cohesiveness. (I'm not knocking the fact that it is 6 years old, for me, and a lot of the information could be out of date.)

  26. 5 out of 5

    Dennis Murphy

    Social Engineering by Christopher Hadnagy is an odd one to judge. Some of the information is basic, some of it is almost contemptuous with the regard it has for the reader's knowledge, and some of it reads fake - I don't really trust him on microexpressions, and it seems more like something he read, rather than something he experienced. Yet, other information seems really legitimate, and some of the chapters are highly useful. Chapters 5, 6 (sans micro), and 8 justify the purchase, even if honestly I wasn't sure whether to drop the book by the time I made it to them. If you know nothing about Social Engineering, go for it. If you know something about social engineering, you should skip around to avoid tedium. If you know a lot about social engineering, this definitely is not for you. 75/100

  27. 4 out of 5

    Michael Thelin

    This book was a challenge. Coining engineering terms for every social 'exploit' makes it seem to try a little too hard to appeal to the tech crowd, e.g. 'Human Buffer Overflow'. I also found some of the short anecdotes in the book not to be believable, but rather added to help make a point. (Helping the elderly woman on page 164, saving the receptionist from the angry CFO on page 191.) The largest issue I had with this book is that it doesn't seem to have a target audience in mind. People who are conducting interrogations, doing sales calls, preventing corporate espionage, or haggling on prices? I think some parts of this book were very useful though: the chapter on successful cases of corporate security audits towards the end of the book, and the chapter on mitigation tactics. It could be used to create awareness of Social Engineering among employees in companies with sensitive data.

  28. 4 out of 5

    James Taylor

    Bypassing security isn't just about remotely hacking using a computer. The author explains an easier way of getting in: exploiting the true weak point, humans. This book is basically about manipulating people into gaining access to their secure information. It talks about all kinds of psychology tricks to gain small chances of getting someone to do what you want, be it body language, choice of words, or types of information. The chapter on expressions is a bit of a dull read, and the pictures make it seem a bit ridiculous. That section seems to stand out for being too different from the rest of the book's content. The majority of the time, it's a very easy read, although the book is far too long. There are parts that seem too similar and so it has its dull moments.

  29. 4 out of 5

    Dark Ness

    3 Stars. Why? Because there are some ''cool'' ideas about how to influence and manipulate people, and some software is suggested. The first half of the book was ok but the second one was awful! I even skipped the last 30 sheets, it was so boring! Also, the World DOESN'T work like that - you CAN'T just call the police officers and tell them ''I'm a detective so please give me Jhon Doll's Security Number...NOW!''. You can't ''hack'' computers so easily either; we don't live in the '90s. Obviously, the book was written for the average Joe who ''needs'' to be educated about the dangerous IT World. After all, the book is poorly written and boring in fact.

  30. 5 out of 5

    Tomas Chmelevskij

    I would give this book 3-3.5. Some of the stuff definitely could have been condensed a bit more. Especially the case studies; a couple were mentioned at least twice. Also the bit about micro expressions looks a bit cheesy when you look at the pictures. It's definitely worth reading. Liked the parts about some of the security tools which are used. The only problem is that it's a bit old in terms of Information Technologies. Would be nice to see a fresh edition, considering how much the internet has changed since 2011.
