Social Engineering Penetration Testing
Executing Social Engineering Pen Tests, Assessments and Defense
Gavin Watson
Andrew Mason
Richard Ackroyd
AMSTERDAM • BOSTON • HEIDELBERG • LONDON
NEW YORK • OXFORD • PARIS • SAN DIEGO
SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Syngress is an imprint of Elsevier
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Benjamin Rearick
Project Manager: Malathi Samayan
Designer: Mark Rogers
Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA
The Boulevard, Langford Lane, Kidlington, Oxford, OX5 1GB, UK
Copyright © 2014 Elsevier Inc. All rights reserved
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or any information storage and retrieval system, without permission in writing
from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies
and our arrangement with organizations such as the Copyright Clearance Center and the Copyright Licensing
Agency, can be found at our website:
www.elsevier.com/permissions
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than
as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our
understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any
information, methods, compounds, or experiments described herein. In using such information or methods they
should be mindful of their own safety and the safety of others, including parties for whom they have a professional
responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume
any liability for any injury and/or damage to persons or property as a matter of products liability,
negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas
contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Watson, Gavin, 1982-
Social engineering penetration testing: executing social engineering pen tests, assessments and defense/Gavin
Watson, Andrew Mason, Richard Ackroyd.
pages cm.
Includes bibliographical references and index.
ISBN 978-0-12-420124-8 (alk. paper)
1. Social engineering. I. Title.
HM668.W38 2014
303.3'72--dc23
2014003510
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
ISBN: 978-0-12-420124-8
For information on all Syngress publications visit our website at http://store.elsevier.com/Syngress
Printed and bound in USA
14 15 16 17 10 9 8 7 6 5 4 3 2 1
Foreword
I can still remember clearly when I sat down and started writing the framework at
social-engineer.org. I searched the Internet for helpful hints on topics I wanted to
cover. Nevertheless, Social Engineering was not a hot topic at that time.
I could find videos on getting free food from drive thru’s or picking up
girls... but nothing to do with security. Around the same time I was writing the
framework, I worked hard to try and include social engineering in any security
work I was doing. Most of the time companies would say things like, “Why try?
We know we will fail.” or “There is no way anything like that would work on
me!”
I even resorted to giving away the services at times, just to prove how dangerous
social engineering was. Fast forward now years into the future, people are
emailing and calling for quotes on social engineering work every day. With the
increase in interest comes the increase in “providers” of these services.
Unfortunately, for you, the readers of this book, there are so many providers it
must be mind numbing to try and choose the right one. You may have asked yourself
questions like “How do I know I am working with a good provider of SE
Services?” “What is a social engineering pentest really?” and many more
questions.
When I was approached about writing the foreword for this book, I was pretty
strict about slapping a foreword inside these pages, until I read the book and
understood what message these guys were trying to send. I had a few phone meetings
to discuss their thoughts on topics and then I received the early editions of
their writing.
As I read through each chapter, I felt like I found a group of guys who “got
it.” They made it clear what a social engineering pentest is, what questions you
should ask, and how you can make the best of the budget you have to include this
very important aspect into your yearly checkups.
Years later, here I am still offering social engineering services. I used to be
one of the few, now one of the many but a book like this will help you find those
of us that really know, understand, and ARE social engineering professionals.
I know you will enjoy this book. For your business folks out there, you will
especially enjoy Chapter 5. It will help you understand then relate why it is
important to engage a social engineer for your security needs.
The section in Chapter 7 about pretext development is an excellent coverage
of a very difficult topic that I know any ardent student of social engineering will
want to study.
Chapters 14 and 15 will surely help you if you are seeking information on
how to set up an effective awareness program.
These are just a sampling of the chapters. Each one has benefit for you.
Social Engineering Penetration Testing. DOI: http://dx.doi.org/10.1016/B978-0-12-420124-8.00024-7
I truly appreciate the chance I have had to read the work of Gavin, Andrew,
and Richard. They have been open to my advice, more than patient with my busy
schedule but most importantly they care about security. They don’t preach “stupid
users” but they preach “uneducated users,” that is a message I hold close to my
heart. My motto from day 1 has been “Security through education.” It is nice to
find a group, like the authors of this book, that think the same way.
Sincerely,
Christopher J. Hadnagy
Chief Human Hacker
Social-Engineer, Inc.
www.social-engineer.com
Author, Security Advocate, and Professional Social Engineer