Social Engineering the Art of Human Hacking Spark Notes
Community Reviews
Let me start by saying that Social Engineering is one of the two areas of information security where I have specialized (in addition to application security), so I was looking forward to this book, and, undoubtedly, I set my expectations too highly.
Here is a big part of where my excitement originated: this book is one of the first books to pull together commentary on the types of things social engineers have known and been doing. This book, as well as social-engineer.org and _No Tech Hacking_ are essentially pioneers at getting these techniques, tips, and tactics collected across an anecdotal way.
That said, it was badly put together:
* Numerous assertions were not fact-checked (some having been repeatedly debunked)
* The audience wasn't clear, and seemed to mutate
* Commentary meandered, went off-topic, and even repeated itself in unhelpful ways
* The use of quotes, anecdotes, and studies seemed haphazard
* Long web links were written out in the books, instead of shortened ones
* etc.
For most of the above, I can't totally blame the author, who was coming to this as a Social Engineering subject matter expert, not a writer, but the publisher or editor should have been on top of those things.
What was probably most frustrating about the aforementioned items, however, is that the book could spend so much time on the arts of persuasion, and fully fail to execute them in text.
As far as the content (assuming an editor or ghost-writer could have given it flow and cohesion), most of the information was 5-15+ years old. To be fair, however, this is not totally an indictment of the book, but also the security industry as a whole, which is primarily an artifact of our collective tendency to revel in our exploits rather than put effort and attention into addressing the problems that lead to easy social engineering (or other security) exploits. (Note: this trend is repeated in this book, too, with 24 of 382 pages being about "Prevention and Mitigation").
In the end, this book was due back at the library, so, while I read over half of it, I ended up skimming the rest. It wasn't worth checking out, again.
This is a pretty good white-hat breakdown of techniques that exploit the more psychological aspects of hacking.
Indeed, while it does go into some really decent detail focusing on awareness of methods, it really shines in highlighting how one might go into business as an Auditor, themselves.
All in all, it is the modern confidence game. You've got thieves and thief-takers. You've got an amazing variety of people out there that just don't take enough precautions and then you've got others that aren't paying close enough attention to the Right kind of precautions.
Can you imagine having a multi-million dollar security system, teams of devoted security analysts, a fort-knox door, good key cards, and an excellent magnetic lock... all foiled by waving a t-shirt? Or because you helped a secretary out by warning her of her bad-mood boss... or by being an all-right guy helping you out of a jam?
But these kinds of things happen all the time. We've all heard of phishing. We know not to open untrusted pdf files. We know that we need to keep our software updated and relatively better protected from old exploits. Right? Well, apparently not. Social creatures do as social creatures do. People who help you out of jams or mirror your expressions or appear out of nowhere with official-sounding titles and excellent business cards are always... TRUSTED. Someone with a CFO title demands that you do something or lose your job. What do you do?
The thing is, most businesses set themselves up for this kind of chicanery. If you instill respect and/or fear in your employees, don't be surprised when someone from the outside exploits the natural human reactions that come with being mistreated and/or indoctrinated. Being free to ask questions and verify credentials should be encouraged... even when an angry CFO keeps threatening an employee. (Real or not real, the terms of engagement ought to be the same.)
Alas. There's a lot more like this in the book and it's all pretty fascinating. It helps to be a genuine people person if you get into this line of work, but there are lots of different kinds of techniques. The point is to have a well-rounded toolbox and display confidence. Because you're a white-hat... right?
I first became aware of the concept of Social Engineering when I read and I was blown away! It was very exciting – that guy has GUTS!
I wanted to read more about the technique, not necessarily with the goal of learning how to social-engineer people in mind, but rather to try and recognize the signs so I can detect if ever I am being social-engineered!
This book is quite thorough and there is no denying the material is interesting, but I found it too long. There was too much "telling me about what I'm about to read" which I found completely redundant and annoying. Don't tell me about what you are going to write, just write it and let me read it!!
Aside from that complaint, the book had me hooked.
Book contains plenty of useful information, but I didn't like it at all ;/
Why?
1. Narrator in Audible version was far too monotonous & made even the most interesting cases sound dull.
2. Book is too repetitive, while in the same time it lacked clear structure -> this deepens the feeling of repetition
3. Author does a lot of 'cheap' NLP on the reader -> too easy to look through & too abrasive ("next, you'll read about the best & most fascinating techniques of influence and manipulation that will blow your mind!!!" - sort-of-mode)
4. Author ain't merely inspired by classics, he explicitly quotes techniques & even full cases (!) - e.g. from Mitnick's "Art of Deception". Well, he doesn't hide it (quite the contrary), but it also means that if you've read Cialdini, Mitnick & some NLP stuff, you won't find anything really new (or refreshing) here.
So, if you haven't read anything on SE until now, it's a good starter - easy read, comprehensive enough, very practical. Sometimes confusing (author can't decide whether it's supposed to serve white-hat SEs or individuals who should raise their awareness), but still useful. If you've already read something OR you want to start with more comprehensive psychological approach, start with Cialdini ("Influence" should go first).
An easy read.
The audience is not clear, but I do not believe it needs to be. The fact that the author repeatedly talks throughout about techniques you can use to social engineer, but then closes the book out with a chapter on "Prevention and Mitigation" highlighted, to me, that the book was designed more as a wake-up call to those, like the CEO he mentions in one of his case studies, that believe themselves immune from the potentially negative effects of social engineering.
I find it interesting that the author talks at length about the use of cloned sites and the use of malicious code on websites as a tool for the social engineer, and then directs the reader to specific sites, and .pdf files throughout the book. I am not sure if I am imputing too much to the author's strategy in writing the book, but the willingness to look at those websites and find those .pdfs to be an interesting case of social engineering in and of itself.
In sum: the book was depressingly informative and thought provoking. I think that it does offer an effective wake-up call, but can also have the effect of making those prone to paranoia flip-out.
I also note the irony of writing a review of a social engineering book on a website which in turn is an avenue for social engineering.
A typical american-style book - too much repetition and redundancy of words.
Other than that, it is a nice systematic review of social engineering methods.
And while reading this book I realized why we shouldn't share every bit of information about ourselves in social networks (it's not like I didn't know it, but now I understand it). However, not sharing information on social networks also is information that can be used, so I conclude with same as the author: security through education. Need to be aware of this.
This book contains the basic principles of S.E. The very downside of it though, is that the information provided in each domain is too little. Once you hit a new chapter and have a glance at the title you would say wow it must be very interesting but as you go along the content you get disappointed since many things stay opaque.
There are introduced interesting topics that can be used in an SE process like elicitation, framing, persuasion techniques, NLP etc. but you cannot grasp the whole idea by reading the corresponding topic in the book and you must refer to a more strong book in that regard.
I would recommend this book as a very basic introduction and guideline to those who are interested in SE.
Decent book if this is one's first interaction with the topic. If not, the repetitive, meandering and occasionally off-topic commentary coupled with a hefty amount of outdated information, plus the long internet links thrown in together with the text, instead of in an appendix, will make it a hard read at times.
With these shortcomings aside, I did appreciate the topics on information gathering, microexpressions, the description of Kali Linux's (still called Backtrack when the book was written) tools that are oriented towards social engineering, and some of the case studies.
all reviews in one place: night mode reading ;
skaitom nakties rezimu
About the Book: What information you have on your social media profiles? Are there pictures of your home there, your family? Is the name there – real? So if I called you to ask about your bank details, knowing your name, and your bank, how would you know I'm not in it for your life savings if I, seemingly, asked nothing of value?… When's the last time you did one of those "tag a friend" things that ask you for five facts, your favorite color, food, drink? Do you use the password you use in that profile – somewhere else too? When's the last time you updated it? And is your security question – the easiest one to remember?…
My Opinion: A genuinely brilliant book that is also very concerning. Us the humans are easy to manipulate. A drop of empathy here, a bit of solidarity there, an instilled respect or fear of government, and we don't question things. Think you can read people, and have a great gut feeling? Read it. The only issue I had with it was the pronouns used. An example is given where the abstract situation contains a person. We are led into it to "see" this person. Then suddenly that person obtains a gender. So now that you see this person, look her in the eyes. I was okay with them being a person, don't make me turn the person into someone more specific mid-sentence, please.
I agree with school of thought that states "Human is the weakest link in cyber security chain." In most cases it's much easier to just ask for password nicely and get it than to break open OS, then account, then database, then bank etc. Or why ask password, if you can just ask for money or documents themselves?
So logically defense should start with awareness and preparation, and not only of IT personnel, but everyone - since in 21st Century we all have digital presence.
This is a good overview of methods and attack vectors - and exactly that, "overview", because to become social engineer one should add some years of practice to the book itself.
It also made me consider what I would consider social engineering, because, in a way, some of the elements are relevant to any communication - rapport, empathy, careful listening etc.
Arm yourself with knowledge.
This book looked to me like it has broken human relations down into fine pieces and made it easy to understand. The book bases its arguments on research the author's team and other psychologists have conducted as well as public experiments and events. The one thing this book was, to me, lacking was examples from history.
People are so easily manipulated.
I believe it's good to be aware of it so it won't happen so easily to you.
I found that this book is very interesting. After reading this book I watched the TV show that the author made about the same thing. While reading this book I learned about social engineering and how to use and manipulate people using the tactics used in the book. The book also is a good thing to learn about to protect yourself from the people trying to hurt or scam me using the tactics in the book.
This book shows how to make people do what you want to do, while also making them think it's their idea and to make them think that it will also benefit them, but actually is putting them at a disadvantage. Giving me or the attacker the advantage. The book also shows how to infiltrate corporations to get data. From reading this book it has shown me the light in the dark and now when I grow up I want to use this info in a job in the future. This book has sparked an interest in me to find more about social engineering as a hobby and as a job. I will only use this book information to do good and not for evil intent.
I believe everyone should read this book. It shows how to protect yourself from people who want to harm you by showing how to prevent it. To keep your information, and possibly company safe from harm's way.
"If you know the enemy and know yourself you need
not fear the results of a hundred battles.
—Sun Tzu (Page 25)"
"War is ninety percent information.
—Napoleon Bonaparte (Page 47)"
A well done overview with added depth in key areas - overall, an excellent resource for any IT professional and will provide utility for a penetration tester looking to strengthen the person-to-person attack vector.
This book is probably best served as paper, versus audio - or at least supplemented with the actual book. This is partly due to the many lists and references and partly due to the off-putting narration. It wasn't bad, but "good" isn't quite the right word either.
This book and further study (and practice) in the areas outlined are a means to becoming a more effective Penetration tester.
To the accusers that Hadnagy is presenting tools for manipulation, and criticizing him for that... you are missing the point. Attackers will use any means; ethical or not, to infiltrate a company's infrastructure. NLP, framing, microexpressions - all of the tools and techniques covered in this book. And they will use others only partly acknowledged in this book, such as blackmail and other means of social leverage. Understanding that "manipulating" humans is common in this field is vital to defense against them.
It is ironic that most people are manipulated on a daily basis by advertisers and governments, yet can't come to terms with the methods in the context of information security. This isn't conspiracy theory - it is business.
Anyway - great book for understanding the challenges of IT security, particularly for the understanding of human vulnerabilities in order to deliver network infiltration devices and software.
This is a pretty good intro to SE, and some nice anecdotes are thrown in along the way. If you've already been studying the topic, a lot of it is redundant but I can see it being a nice thing to have one's employees read in order to take SE seriously as a security issue. He touches on microexpressions and Neurolinguistic Programming (NLP) in deceptive conversations, but these are very surface-level discussions. Here are a few resources I've found on various subjects that are more deep-dives:
Body Language
What Every BODY is Saying - Navarro [Good intro]
The Definitive Book of Body Language - Pease [A visual glossary]
Body Language Success [Analyzing body language and microexpressions in news and celebrity video clips]
Persuasion
Never Split the Difference - Voss [Negotiating]
Get Anyone to Do Anything - Lieberman
The Science of Influence - Hogan
How to Talk to Anyone - Lowndes [Rapport, charisma]
Neurolinguistic Programming
NLP Workbook - O'Connor
Pitch Anything - Klaff
Physical Tools
How to Open Locks with Improvised Tools - Konkel
Social Engineering
The Art of Deception - Mitnick [SE scripts and anecdotes]
I picked up the book with the intent of learning more about Social Engineering and how I could defend against bad actors. It sounded like the author knew his subject and was sharing.
But the author needs a better editor. The focus of the book wanders, so that on the same page the tone is for a person like me and then a couple paragraphs later, someone who wants to be a social engineering auditor. I'd be fine either way, but the constant flopping around made for difficult reading. (The biggest omission is in the beginning the text states there is an appendix, but there isn't)
The stories are the best part, though there isn't a solid narrative to support them. Tidbits spring up out of nowhere, then are not connected to the next page. I think a lot could have been discussed around his numerous educational stories. That would have been much better.
In the end, I learned about the author's website and the surface of social engineering. This could be seen as a primer, but it doesn't have the cohesiveness. (I'm not knocking the fact it is 6 years old, for me, and a lot of the information could be out of date).
3 Stars.
Why? - Because there are some ''cool'' ideas about how to influence and manipulate people and some software suggested. The first half of the book was ok but the second one was awful! I even skipped the last 30 sheets, it was so boring!
Also, the World DOESN'T work like that - you CAN'T just call the police officers and tell them ''i'm a detective so please give me the Jhon Doll's Security Number...NOW! ''.
You can't ''hack'' computers so easily too, we don't live in the 90'.
Obviously, the book was written for the average Joe who ''needs'' to be educated about the dangerous IT World.
After all the book is poorly written and slow in fact.
So much valuable information, very fun and easy to read! Priceless!
Must read if you do security audit or just interested in social engineering!
This is also one of the best psychological books so worth a look even if you not interested in IT
Source: https://www.goodreads.com/book/show/9068044-social-engineering