Title Page
Copyright and Credits
Learn Social Engineering
Dedication
Packt Upsell
Why subscribe?
PacktPub.com
Foreword
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Disclaimer
Introduction to Social Engineering
Overview of social engineering
Applications of social engineering
The social engineering framework
Information gathering
Nontechnical
Technical
Elicitation
Pretexting
Mind tricks
Persuasion
Tools used in social engineering
Physical tools
Software-based tools
Social engineering examples from Hollywood
Matchstick Men (2003)
Catch Me If You Can (2002)
Ocean's Eleven (2001)
Tips
Summary
The Psychology of Social Engineering – Mind Tricks Used
Introduction
Modes of thinking
Visual thinkers
Auditory thinkers
Kinesthetic thinkers
Determining one's dominant sense and mode of thinking
Importance of understanding a target's mode of thinking
Microexpressions
Anger
Disgust
Contempt
Fear
Surprise
Sadness
Happiness
Training to see microexpressions
How microexpressions are used in a social engineering attack?
Contradictions
Hesitation
Behavioral changes
Gestures
NLP
Codes of NLP
Voice
Sentence structuring
Word choice
Interview and interrogation
Expert interrogation techniques
Gesturing
Attentive listening
Building rapport
Human buffer overflow
Fuzzing the brain
Embedded commands
Tips
Summary
Influence and Persuasion
Introduction
Five fundamental aspects of persuasion
Setting up the environment
Influence tactics
Reciprocation
Obligation
Concession
Scarcity
Authority
Legal authority
Organizational authority
Social authority
Commitment and consistency
Liking
Social proof
Reality alteration (framing)
Manipulation
Negative manipulation tactics
Increasing predictability
Controlling the target's environment
Casting doubt
Making the target powerless
Punishing the target
Intimidation
Positive manipulation tips and tactics
Summary
Information Gathering
Introduction
Gathering information about targets
Technical information-gathering methods
BasKet
Dradis
Websites
Search engines
Pipl
Whois.net
Social media
Phishing and spear phishing
Watering holes
Blogs
Telephone
Nontechnical methods
Dumpster diving
Intrusion and impersonation
Tailgating
Shoulder surfing
Observation
Tips
Summary
Targeting and Recon
Introduction
Banks
Old organizations
Organizational employees
IT personnel
Customer support agents
Senior-level staff
Finance personnel
Elderly people
Well-wishers
Tips
Summary
Elicitation
Introduction
Getting into conversations with strangers
Preloading
Avoiding elicitation
Appealing to egos
Showing mutual interest
Falsifying statements
Flattering
Volunteering information
Assuming knowledge
Using ignorance
Capitalizing on alcoholic drinks
Being a good listener
Using intelligently-posed questions
Assumptive questions
Bracketing
Learning the skill of elicitation
Tips
Summary
Pretexting
Introduction
Principles and planning of pretexting
Doing research
Google hacking
The power of Google hacking
Feedback from the victims
Google hacking secrets
Operators
Using personal interests
Practicing dialects
Using phones
Choosing simple pretexts
Spontaneity
Providing logical conclusions
Successful pretexting
HP information leak
Stanley Rifkin
DHS hack
Internal Revenue Service scams
Phone calls
Emails
Business email compromise
Letters
Ubiquiti networks
Legal concerns of pretexting
Tools to enhance pretexts
Tips
Summary
Social Engineering Tools
The tools for social engineering
Physical tools
Lockpicks
Recording devices
GPS trackers
Software tools
Maltego
Features of the software
Technical specifications
How to use Maltego?
Maltego for network data gathering
Step 1 – opening Maltego
Step 2 – choosing a machine
Step 3 – choosing a target
Step 4 – results
Using Maltego to collect data on an individual
Step 1 – selecting the machine
Step 2 – specifying a target
Step 3 – results
Hacking personal information
Hacking servers
Apache servers
Microsoft servers
Oracle servers
IBM servers
Netscape servers
Red Hat servers
System reports
Error message queries
Social engineer toolkit (SET)
Spear phishing
Web attack vector
Infectious media generator
SMS spoofing attack vector
Wireless access point attack vector
QRCode attack vector
Third-party modules – fast track exploitation
Create a payload and listener
Mass mailer attack
Phone tools
Caller ID spoofing
Scripts
The way back machine
Spokeo
Metagoofil
Fingerprinting Organizations with Collected Archives (FOCA)
The credential harvester attack method
Social engineering exercise
Phishing with BeEF
Zabasearch.com
Job postings
Shodan.io
Default passwords
Hardware keyloggers
Toll-free number providers
Netcraft website
Netcraft toolbar
Microsoft Edge SmartScreen
Windows Defender application guard
SmartScreen filter
Windows Defender network protection
Highly recommended
Ask the experts
Tips
Summary
Prevention and Mitigation
Learning to identify social engineering attacks
Emails
Phishing attempts
Baiting
Responding to unasked questions
Creating distrust
Other signs
Mitigating social engineering attacks
Phone calls
Emails
In-person attacks
Social engineering audit
Summary
Case Studies of Social Engineering
What is social engineering?
Information gathering
Developing relationships
Exploitation
Execution
Why is it so effective?
Case studies of social engineering
CEO fraud
Financial phishing
Social media phishing
Ransomware phishing
Bitcoin phishing
Social engineering case study - Keepnet labs phishing simulation
Analysis of top ten industries
Examination of total emails sent within one year
Evaluation of social engineering attacks of the top five companies with the largest number of users
Tips
Summary
Ask the Experts – Part 1
Troy Hunt
Jonathan C. Trull
What is social engineering?
Staying safe from social engineering attacks
People
Process
Technology
Developing an effective cyber strategy
Resources
Business drivers
Data
Controls
Threats
Marcus Murray and Hasain Alshakarti
Sample scenario – the workstation-data collection job
Step 1 – preparing the attack
Step 2 – staging the attack
Step 3 – selecting the target
Step 4 – launching the attack
Step 5 – result
Key points from this example
Physical exposure
The physical attack
Emre Tinaztepe
Malvertising
Prevention
Rogue/fake applications
Prevention
Documents with malicious payloads
Prevention
Public Wi-Fi hotspots
Prevention
Phishing/spear phishing
Milad Aslaner
Information is everywhere
User activities
Understanding reconnaissance
Practical examples of reconnaissance
Real-world examples
Ask the Experts – Part 2
Paula Januszkiewicz
Twisted perception of a hacker and due diligence
Şükrü Durmaz and Raif Sarıca
Real-world examples
Operation Game of Thrones
Operation Gone with the Wind
Operation Scam the Scammer
Operation Mobile Phone Fraud
Operation Chameleon
Operation Lightspeed
Operation Double Scam
Andy Malone
Social engineering – by Andy Malone
Phishing
Ransomware
Conclusion
Chris Jackson
Daniel Weis
Diffusion of responsibility
Chance for ingratiation
Trust relationships
Moral duty
Guilt
Identification
Desire to be helpful
Cooperation
Fear
Phishing
Ask the Experts – Part 3
Raymond P.L. Comvalius
Raymond on the future of pretexting
George Dobrea
Dr. Mitko Bogdansoki
Securing the weakest link in the cyber security chain against social engineering attacks
Introduction
Social engineering definition
Social engineering attacks life cycle
Taxonomy of the social engineering attacks
Phishing
Dumpster diving
Shoulder surfing
Advanced Persistent Threat (APT)
Reverse social engineering
Baiting
Waterholing
Tailgating
Trojan horses
Surfing online content
Role-playing
Pretexting
Spear phishing
Quid pro quo
Vishing
Real-world examples of social engineering attacks
Staying safe from social engineering attacks
References
Ozan Ucar and Orhan Sari
Ask the expert–tips to prevent social engineering (SE) and personal real-life experiences of SE
Keepnet Phishing Simulator is an excellent tool for fighting against phishing attacks
Template management
Edit button
Adding a new template
Report manager
Phishing incident responder
Sami Lahio
Ask the Experts – Part 4
Oguzhan Filizlibay
The aftermath – what follows a social engineering attack?
Yalkin Demirkaya
Unauthorized Email access by CIO
Case study 1 – sample incident response report
Background
Incident response
Malware Analysis
Overview
Persistence mechanism
Execution of Malware
Configuration
Conclusion
Data exfiltration analysis
Summary and findings
Unauthorized email access by CIO
Case study 2 – employee misconduct
Background
Challenge
Response
Results
Case study 3 – theft of intellectual property
FORTUNE 100 company cleared of wrongdoing
Background
Challenge
Response
Results
Case study 4 – Litigation support
Bankruptcy fraud
Background
Challenge
Response
Results
Leyla Aliyeva
Cybercriminal cases like a chain
Phishing for bank customers
Crime in the victim's room
A phone call and the loss of thousands of dollars
Why do we become victims?
Aryeh Goretsky
Social engineering – from typewriter to PC
That was then – social engineering with postal mail
30 years of criminal evolution
This is now – Business Email Compromise (BEC)
Defending against BEC
References/Further reading
About the author
Dr. Islam, MD Rafiqul, and Dr. Erdal Ozkaya
Privacy issues in social media
Abstract
Introduction
Background information
Motivation for the study
Research questions
Literature review
Privacy issues in social media
Evaluating social media privacy settings for personal and advertising purposes
The privacy issues on different social media platforms
Research Methods
Research method
Data collection
Data analysis
Conclusion
References
Other Books You May Enjoy
Leave a review - let other readers know what you think