Learn Social Engineering电子书

Title Page

Copyright and Credits

Learn Social Engineering

Dedication

Packt Upsell

Why subscribe?

PacktPub.com

Foreword

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Disclaimer

Introduction to Social Engineering

Overview of social engineering

Applications of social engineering

The social engineering framework

Information gathering

Nontechnical

Technical

Elicitation

Pretexting

Mind tricks

Persuasion

Tools used in social engineering

Physical tools

Software-based tools

Social engineering examples from Hollywood

Matchstick Men (2003)

Catch Me If You Can (2002)

Ocean's Eleven (2001)

Tips

Summary

The Psychology of Social Engineering – Mind Tricks Used

Introduction

Modes of thinking

Visual thinkers

Auditory thinkers

Kinesthetic thinkers

Determining one's dominant sense and mode of thinking

Importance of understanding a target's mode of thinking

Microexpressions

Anger

Disgust

Contempt

Fear

Surprise

Sadness

Happiness

Training to see microexpressions

How microexpressions are used in a social engineering attack?

Contradictions

Hesitation

Behavioral changes

Gestures

NLP

Codes of NLP

Voice

Sentence structuring

Word choice

Interview and interrogation

Expert interrogation techniques

Gesturing

Attentive listening

Building rapport

Human buffer overflow

Fuzzing the brain

Embedded commands

Tips

Summary

Influence and Persuasion

Introduction

Five fundamental aspects of persuasion

Setting up the environment

Influence tactics

Reciprocation

Obligation

Concession

Scarcity

Authority

Legal authority

Organizational authority

Social authority

Commitment and consistency

Liking

Social proof

Reality alteration (framing)

Manipulation

Negative manipulation tactics

Increasing predictability

Controlling the target's environment

Casting doubt

Making the target powerless

Punishing the target

Intimidation

Positive manipulation tips and tactics

Summary

Information Gathering

Introduction

Gathering information about targets

Technical information-gathering methods

BasKet

Dradis

Websites

Search engines

Pipl

Whois.net

Social media

Phishing and spear phishing

Watering holes

Blogs

Telephone

Nontechnical methods

Dumpster diving

Intrusion and impersonation

Tailgating

Shoulder surfing

Observation

Tips

Summary

Targeting and Recon

Introduction

Banks

Old organizations

Organizational employees

IT personnel

Customer support agents

Senior-level staff

Finance personnel

Elderly people

Well-wishers

Tips

Summary

Elicitation

Introduction

Getting into conversations with strangers

Preloading

Avoiding elicitation

Appealing to egos

Showing mutual interest

Falsifying statements

Flattering

Volunteering information

Assuming knowledge

Using ignorance

Capitalizing on alcoholic drinks

Being a good listener

Using intelligently-posed questions

Assumptive questions

Bracketing

Learning the skill of elicitation

Tips

Summary

Pretexting

Introduction

Principles and planning of pretexting

Doing research

Google hacking

The power of Google hacking

Feedback from the victims

Google hacking secrets

Operators

Using personal interests

Practicing dialects

Using phones

Choosing simple pretexts

Spontaneity

Providing logical conclusions

Successful pretexting

HP information leak

Stanley Rifkin

DHS hack

Internal Revenue Service scams

Phone calls

Emails

Business email compromise

Letters

Ubiquiti networks

Legal concerns of pretexting

Tools to enhance pretexts

Tips

Summary

Social Engineering Tools

The tools for social engineering

Physical tools

Lockpicks

Recording devices

GPS trackers

Software tools

Maltego

Features of the software

Technical specifications

How to use Maltego?

Maltego for network data gathering

Step 1 – opening Maltego

Step 2 – choosing a machine

Step 3 – choosing a target

Step 4 – results

Using Maltego to collect data on an individual

Step 1 – selecting the machine

Step 2 – specifying a target

Step 3 – results

Google

Hacking personal information

Hacking servers

Apache servers

Microsoft servers

Oracle servers

IBM servers

Netscape servers

Red Hat servers

System reports

Error message queries

Social engineer toolkit (SET)

Spear phishing

Web attack vector

Infectious media generator

SMS spoofing attack vector

Wireless access point attack vector

QRCode attack vector

Third-party modules – fast track exploitation

Create a payload and listener

Mass mailer attack

Phone tools

Caller ID spoofing

Scripts

The way back machine

Spokeo

Metagoofil

Fingerprinting Organizations with Collected Archives (FOCA)

The credential harvester attack method

Social engineering exercise

Phishing with BeEF

Zabasearch.com

Job postings

Shodan.io

Default passwords

Hardware keyloggers

Toll-free number providers

Netcraft website

Netcraft toolbar

Microsoft Edge SmartScreen

Windows Defender application guard

SmartScreen filter

Windows Defender network protection

Highly recommended

Ask the experts

Tips

Summary

Prevention and Mitigation

Learning to identify social engineering attacks

Emails

Phishing attempts

Baiting

Responding to unasked questions

Creating distrust

Other signs

Mitigating social engineering attacks

Phone calls

Emails

In-person attacks

Social engineering audit

Summary

Case Studies of Social Engineering

What is social engineering?

Information gathering

Developing relationships

Exploitation

Execution

Why is it so effective?

Case studies of social engineering

CEO fraud

Financial phishing

Social media phishing

Ransomware phishing

Bitcoin phishing

Social engineering case study - Keepnet labs phishing simulation

Analysis of top ten industries

Examination of total emails sent within one year

Evaluation of social engineering attacks of the top five companies with the largest number of users

Tips

Summary

Ask the Experts – Part 1

Troy Hunt

Jonathan C. Trull

What is social engineering?

Staying safe from social engineering attacks

People

Process

Technology

Developing an effective cyber strategy

Resources

Business drivers

Data

Controls

Threats

Marcus Murray and Hasain Alshakarti

Sample scenario – the workstation-data collection job

Step 1 – preparing the attack

Step 2 – staging the attack

Step 3 – selecting the target

Step 4 – launching the attack

Step 5 – result

Key points from this example

Physical exposure

The physical attack

Emre Tinaztepe

Malvertising

Prevention

Rogue/fake applications

Prevention

Documents with malicious payloads

Prevention

Public Wi-Fi hotspots

Prevention

Phishing/spear phishing

Milad Aslaner

Information is everywhere

User activities

Understanding reconnaissance

Practical examples of reconnaissance

Real-world examples

Ask the Experts – Part 2

Paula Januszkiewicz

Twisted perception of a hacker and due diligence

Şükrü Durmaz and Raif Sarıca

Real-world examples

Operation Game of Thrones

Operation Gone with the Wind

Operation Scam the Scammer

Operation Mobile Phone Fraud

Operation Chameleon

Operation Lightspeed

Operation Double Scam

Andy Malone

Social engineering – by Andy Malone

Phishing

Ransomware

Conclusion

Chris Jackson

Daniel Weis

Diffusion of responsibility

Chance for ingratiation

Trust relationships

Moral duty

Guilt

Identification

Desire to be helpful

Cooperation

Fear

Phishing

Ask the Experts – Part 3

Raymond P.L. Comvalius

Raymond on the future of pretexting

George Dobrea

Dr. Mitko Bogdansoki

Securing the weakest link in the cyber security chain against social engineering attacks

Introduction

Social engineering definition

Social engineering attacks life cycle

Taxonomy of the social engineering attacks

Phishing

Dumpster diving

Shoulder surfing

Advanced Persistent Treat (APT)

Reverse social engineering

Baiting

Waterholing

Tailgating

Trojan horses

Surfing online content

Role-playing

Pretexting

Spear phishing

Quid pro quo

Vishing

Real-world examples of social engineering attacks

Staying safe from social engineering attacks

References

Ozan Ucar and Orhan Sari

Ask the expert–tips to prevent social engineering (SE) and personal real-life experiences of SE

Keepnet Phishing Simulator is an excellent tool for fighting against phishing attacks

Template management

Edit button

Adding a new template

Report manager

Phishing incident responder

Sami Lahio

Ask the Experts – Part 4

Oguzhan Filizlibay

The aftermath – what follows a social engineering attack?

Yalkin Demirkaya

Unauthorized Email access by CIO

Case study 1 – sample incident response report

Background

Incident response

Malware Analysis

Overview

Persistence mechanism

Execution of Malware

Configuration

Conclusion

Data exfiltration analysis

Summary and findings

Unauthorized email access by CIO

Case study 2 – employee misconduct

Background

Challenge

Response

Results

Case study 3 – theft of intellectual property

FORTUNE 100 company cleared of wrongdoing

Background

Challenge

Response

Results

Case study 4 – Litigation support

Bankruptcy fraud

Background

Challenge

Response

Results

Leyla Aliyeva

Cybercriminal cases like a chain

Phishing for bank customers

Crime in the victim's room

A phone call and the loss of thousands of dollars

Why do we become victims?

Aryeh Goretsky

Social engineering – from typewriter to PC

That was then – social engineering with postal mail

30 years of criminal evolution

This is now – Business Email Compromise (BEC)

Defending against BEC

References/Further reading

About the author

Dr. Islam, MD Rafiqul, and Dr. Erdal Ozkaya

Privacy issues in social media

Abstract

Introduction

Background information

Motivation for the study

Research questions

Literature review

Privacy issues in social media

Evaluating social media privacy settings for personal and advertising purposes

The privacy issues on different social media platforms

Research Methods

Research method

Data collection

Data analysis

Conclusion

References

Other Books You May Enjoy

Leave a review - let other readers know what you think