Review of Social Engineering the Science of Human Hacking
See a Problem?
Thanks for telling us well-nigh the trouble.
Friend Reviews
Community Reviews
Here is a large part of where my excitement originated: this book is i of the first books to pull together commentary on the types of things social engineers have known and been doing. This book, equally well equally social-engineer.org and _No Tech Hacking_ ar
Allow me starting time by saying that Social Engineering is 1 of the two areas of information security where I have specialized (in addition to application security), then I was looking forward to this book, and, undoubtedly, I set my expectations besides highly.Here is a big function of where my excitement originated: this book is one of the get-go books to pull together commentary on the types of things social engineers have known and been doing. This volume, likewise every bit social-engineer.org and _No Tech Hacking_ are essentially pioneers at getting these techniques, tips, and tactics collected beyond an anecdotal way.
That said, it was badly put together:
* Numerous assertions were not fact-checked (some having been repeatedly debunked)
* The audience wasn't articulate, and seemed to mutate
* Commentary meandered, went off-topic, and fifty-fifty repeated itself in unhelpful ways
* The use of quotes, anecdotes, and studies seemed haphazard
* Long web links were written out in the books, instead of shortened ones
* etc.
For well-nigh of the above, I can't totally blame the author, who was coming to this as a Social Engineering subject matter good, not a author, only the publisher or editor should have been on top of those things.
What was probably most frustrating about the aforementioned items, yet, is that the book could spend so much time on the arts of persuasion, and fully fail to execute them in text.
Every bit far as the content (bold an editor or ghost-writer could have given information technology catamenia and cohesion), most of the data was 5-15+ years one-time. To be fair, notwithstanding, this is not totally an indictment of the book, but also the security industry every bit a whole, which is primarily an artifact of our collective trend to revel in our exploits rather than put endeavor and attention into addressing the problems that lead to easy social engineering (or other security) exploits. (Note: this tendency is repeated in this book, too, with 24 of 382 pages being about "Prevention and Mitigation").
In the end, this book was due back at the library, then, while I read over one-half of information technology, I concluded upward skimming the residue. It wasn't worth checking out, again.
...more
Indeed, while it does get into some really decent particular focusing on sensation of methods, it actually shines in highlighting how one might go into business equally an Auditor, themselves.
All in all, it is the mod confidence game. You've got thieves and thief-takers. Yous've got an amazing variety of people out in that location that simply don't have enough precautions and so you've got others that
This is a pretty good white-chapeau breakdown of techniques that exploit the more than psychological aspects of hacking.Indeed, while it does go into some really decent detail focusing on awareness of methods, it really shines in highlighting how one might go into business every bit an Auditor, themselves.
All in all, it is the modern confidence game. You've got thieves and thief-takers. You've got an amazing variety of people out at that place that simply don't take plenty precautions and then you've got others that aren't paying close enough attention to the Right kind of precautions.
Can you imagine having a multi-million dollar security system, teams of devoted security analysts, a fort-knox door, good cardinal cards, and an first-class magnetic lock... all foiled by waving a t-shirt? Or because you helped a secretary out by warning her of her bad-mood boss... or by being an all-right guy helping you out of a jam?
Only these kinds of things happen all the time. We've all heard of fishing. We know not to open untrusted pdf files. We know that we demand to keep our software updated and relatively improve protected from quondam exploits. RIGHT? Well, apparently non. Social creatures exercise as social creatures do. People who help you out of jams or mirror your expressions or appear out of nowhere with official-sounding titles and fantabulous business concern cards are ever... TRUSTED. Someone with a CFO championship demands that you practice something or lose your job. What practise y'all do?
The thing is, most businesses fix themselves up for this kind of chicanery. If you instill respect and/or fear in your employees, don't be surprised when someone from the exterior exploits the natural man reactions that come with being mistreated and/or indoctrinated. Being free to enquire questions and verify credentials should be encouraged... fifty-fifty when an angry CFO keeps threatening an employee. (Existent or not real, the terms of engagement ought to be the same.)
Alas. At that place's a lot more than like this in the book and it's all pretty fascinating. It helps to be a genuine people person if you lot get into this line of piece of work, merely there are lots of unlike kinds of techniques. The point is to have a well-rounded toolbox and display confidence. Because y'all're a white-hat... right?
...more than
and I was blown away! Information technology was very exciting – that guy has GUTS! I wanted to read more than nearly the technique, not necessarily with the goal of learning how to social-engineer people in listen, but rather to try and recognize the signs so I can discover if ever I am being social-engineered!
This book is quite thorough and there is no denying the cloth is interesting, but I found it too long. There was also much "telling me most
I first became enlightened of the concept of Social Technology when I read and I was blown abroad! It was very exciting – that guy has GUTS! I wanted to read more almost the technique, not necessarily with the goal of learning how to social-engineer people in mind, but rather to try and recognize the signs so I can observe if ever I am existence social-engineered!
This book is quite thorough and there is no denying the material is interesting, simply I found it too long. At that place was too much "telling me virtually what I'g about to read" which I constitute completely redundant and annoying. Don't tell me about what you lot are going to write, but write it and allow me read information technology!!
Aside from that complaint, the book had me hooked.
...more
Book contains plenty of useful data, but I didn't like it at all ;/
Why?
1. Narrator in Aural version was far also monotonous & fabricated even the about interesting cases audio dull.
2. Volume is as well repetitive, while in the aforementioned time it lacked clear structure -> this deepens the feeling of repetition
3. Author does a lot of 'inexpensive' NLP on the reader -> to piece of cake to look through & too annoying ("side by side, y'all'll read about the best & well-nigh fascinating techniques of influence and manipulation th
Book contains plenty of useful information, merely I didn't like it at all ;/
Why?
1. Narrator in Audible version was far too monotonous & made even the most interesting cases sound deadening.
two. Book is too repetitive, while in the same fourth dimension information technology lacked clear structure -> this deepens the feeling of repetition
3. Author does a lot of 'cheap' NLP on the reader -> to easy to expect through & as well annoying ("next, you'll read nigh the all-time & virtually fascinating techniques of influence and manipulation that will accident your listen!!!" - sort-of-style)
4. Author own't merely inspired past classics, he explicitly quotes techniques & even full cases (!) - e.g. from Mittnick's "Art of Charade". Well, he doesn't hide information technology (quite the contrary), simply it as well means that if y'all've read Cialdini, Mittnick & some NLP stuff, you won't observe anything really new (or refreshing) here.
So, if you haven't read annihilation on SE until at present, it's a skilful starter - easy set, comprehensive enough, very practical. Sometimes confusing (writer tin't decide whether it'southward supposed to serve white-hack SEs or individuals who should raise their awareness), merely all the same useful. If y'all've already read something OR you want to beginning with more comprehensive psychological arroyo, start with Cialdini ("Influence" should become first).
...more than
The audience is not clear, just I do not believe it needs to be. The fact that the writer repeatedly talks throughout about techniques you tin can use to social engineer, just and so closes the book out with a affiliate on "Prevention and Mitigation" highlighted, to me, that the book was designed more as a wake-up call to those, similar the CEO he mentions in one of his case study, that believe themselves immune from the potentially negative furnishings of social applied science.
I find information technology interesting
An easy read.The audience is non clear, but I practice not believe it needs to be. The fact that the writer repeatedly talks throughout most techniques you can use to social engineer, only and then closes the volume out with a affiliate on "Prevention and Mitigation" highlighted, to me, that the book was designed more as a wake-upwards telephone call to those, like the CEO he mentions in i of his example study, that believe themselves immune from the potentially negative furnishings of social technology.
I discover it interesting that the author talks at length almost the use of cloned sites and the use of malicious code on websites as a tool for the social engineer, and so directs the reader to specific sites, and .pdf files throughout the book. I am not sure if I am imputing besides much to the author's strategy in writing the volume, but the willingness to look at those websites and observe those .pdfs to be an interesting example of social engineering in and of itself.
In summ: the book was depressingly informative and idea provoking. I think that it does offer an effective wake-upward call, but can besides have the consequence of making those prone to paranoia flip-out.
I also note the irony of writing a review of a social engineering book on a website which in turn is an avenue for social engineering science.
...more
Other than that, it is a nice systematic review of social applied science methods.
And while reading this book I realized why we shouldn't share as of data about ourselves in social networks (it'due south not like I didn't know it, just at present I understand it). However, not sharing information on social networks besides is data that can exist used, so I conclude with same as the author: security through didactics. Demand to A typical american-style book - as well much repetition and redundancy of words.
Other than that, it is a nice systematic review of social engineering methods.
And while reading this book I realized why we shouldn't share every bit of information near ourselves in social networks (it's not similar I didn't know it, merely at present I sympathise information technology). Even so, not sharing information on social networks likewise is information that can be used, so I conclude with same as the author: security through education. Need to be aware of this. ...more
At that place are introduced interesting topics that tin be used in an SE process like elicitation, framing, persuasion techniques, NLP etc. but you cannot grasp the who This books contains the basic principles of Southward.Eastward. The very downside of it though, is that the information provided in each domain is too lilliputian. One time you hit a new chapter and have a glance at the championship you would say wow it must be very interesting but as yous go on along the content you get disappointed since many things stays opaque.
There are introduced interesting topics that can exist used in an SE process similar elicitation, framing, persuasion techniques, NLP etc. but you cannot grasp the whole idea by reading the corresponding topic in the book and y'all must refer to a more than stiff book in that regard.
I would recommend this volume a very bones introduction and guideline to those who are interested in SE. ...more than
With these shortcomings bated, I did appreciate the topics on information gathering, microexpressions, the clarification of Kali Linux's (still chosen Backtrack when the book was writt Decent book if this is one's get-go interaction with the topic. If not, the repetitive, meandering and occasionally off-topic commentary coupled with a hefty corporeality of outdated data, plus the long internet links thrown in together with the text, instead of in an appendix, volition make it a difficult read at times.
With these shortcomings aside, I did capeesh the topics on data gathering, microexpressions, the clarification of Kali Linux'southward (still called Backtrack when the book was written) tools that are oriented towards social engineering science, and some of the example studies. ...more
dark mode reading ;
skaitom nakties rezimu
About the Book: What information yous have on your social media profiles? Are there pictures of your dwelling house there, your family? Is the name there – existent? So if I chosen you to ask almost your banking concern details, knowing your name, and your banking concern, how would you know I'm not in it for your life savings if I, seemingly, asked naught of value?… When's the last time y'all did one of those "tag a friend" things that ask you lot for v facts
all reviews in one place:night manner reading ;
skaitom nakties rezimu
About the Volume: What information yous have on your social media profiles? Are at that place pictures of your home there, your family? Is the name there – existent? So if I chosen you to inquire nearly your banking concern details, knowing your name, and your bank, how would you know I'm not in it for your life savings if I, seemingly, asked nothing of value?… When's the last time yous did one of those "tag a friend" things that ask you for five facts, your favorite color, nutrient, potable? Do you apply the countersign you lot use in that profile – somewhere else too? When's the last fourth dimension you updated it? And is your security question – the easiest one to call up?…
My Opinion: A genuinely brilliant book that is as well very apropos. The states the humans are easy to manipulate. A driblet of empathy hither, a flake of solidarity in that location, an instilled respect or fear of authorities, and we don't question things. Think you can read people, and have a great gut feeling? Read it. The only issue I had with it was the pronouns used. An instance is given where the abstract situation contains a person. We are led into it to "meet" this person. and so of a sudden that person obtains a gender. And so now that you see this person, look her in the eyes. I was okay with them being a person, don't brand me turn the person into someone more than specific mid-judgement, please.
...more
So logically defense should start with awareness and training, and not just of Information technology personnel, but everyone - since in 21st Century we all have digital presence.
This a good overview of metho I agree with school of thought that states "Homo is the weakest link in cyber security chain." In most cases it's much easier to merely ask for password nicely and get information technology than to interruption open Bone, then account, then database, then bank etc. Or why enquire password, if you tin just ask for money or documents themselves?
So logically defense should kickoff with awareness and training, and not only of It personnel, but everyone - since in 21st Century we all accept digital presence.
This a proficient overview of methods and assail vectors - and exactly that, "overview", considering to become social engineer one should add some years of exercise to the book itself.
It as well fabricated me consider what I would consider social engineering, because, in a manner, some of the elements are relevant to any communication - rapport, empathy, careful listening etc. ...more
This book looked to me like it has broke man relations down into fine pieces and made information technology easy to understand. The volume bases its arguments on reasearch the author's team and other psychologists have conducted too as public experiments and events. The one thing this volume was, to me, defective was examples from history.
Arm yourself with noesis.This book looked to me like information technology has broke man relations downwards into fine pieces and made it easy to sympathise. The volume bases its arguments on reasearch the author'southward team and other psychologists have conducted as well as public experiments and events. The one affair this book was, to me, defective was examples from history.
...more
I believe it's skilful to be aware of it so it won't happen so easily to you. People are then easily manipulated.
I believe it's proficient to be enlightened of it so information technology won't happen so hands to you lot. ...more than
This volume shows how to make people do what you want to do, wile too making them think i I found that this book is vary interesting. Later reading this book I watched the Television set prove that the author made about the same thing. Wile reading this book I learned about social engineering and how to use and manipulate people using the tactics used in the book. The book as well is a good thing to learn about to protect your self from the people trying to hurt or scam me using the tactics in the book.
This book shows how to make people practice what you lot want to exercise, wile also making them think its their idea and to make them call up that it will likewise benefit them, but actually is putting them at a disadvantage on them. Giving me or the attacker the advantage. The book besides shows how to infiltrate corporations to get data. From reading this book It has showed me the light in the nighttime and now when I grow up I desire to employ use this info in a chore in the future. This book has sparked a interest in me to fine more nearly social engineering as a hobby and equally a chore. I will only utilize this book information to benefit and not for evil entente.
I be leave everyone should read this book. It shows how to protect your self from people who want to harm y'all past showing how to prevent it. To keep your information, and possibly company safe from harms manner.
"If you know the enemy and know yourself you lot need
not fear the results of a hundred battles.
—Dominicus Tzu (Page 25)"
"War is ninety percent data.
—Napoleon Bonaparte (Page 47)"
This book is probably best served as paper, versus sound - or at least supplemented with the bodily book. This is partly due to the many lists and references and partly due to the off-putting narration. Information technology wasn't bad, simply "good" isn't quite the right word either.
This book and further
A well done overview with added depth in primal areas - overall, an excellent resource for whatsoever It professional person and volition provide utility for a penetration tester looking to strengthen the person-to-person attack vector.This book is probably best served as paper, versus audio - or at least supplemented with the actual book. This is partly due to the many lists and references and partly due to the off-putting narration. It wasn't bad, but "good" isn't quite the right give-and-take either.
This book and further report (and practice) in the areas outlined are a means to condign a more effective Penetration tester.
To the accusers that Hadnagy is presenting tools for manipulation, and criticizing him for that... you are missing the point. Attackers volition use whatsoever means; upstanding or not, to infiltrate a visitor's infrastructure. NLP, framing, microexpressions - all of the tools and techniques covered in this book. And they volition utilize others only partly best-selling in this book, such as bribery and other means of social leverage. Understanding that "manipulating" humans is common in this field is vital to defence against them.
It is ironic that most people are manipulated on a daily basis by advertisers and governments, yet tin't come to terms with the methods in the context of data security. This isn't conspiracy theory - it is business.
Anyway - neat book for understanding the challenges of IT security, particularly for the understanding of man vulnerabilities in lodge to deliver network infiltration devices and software.
...more
Body
This is a pretty good into to SE, and some squeamish anecdotes are thrown in along the way. If you've already been studying the topic, a lot of it is redundant merely I can see it beingness a nice matter to have one's employees read in order to have SE seriously equally a security issue. He touches on microexpressions and Neurolinguistic Programming (NLP) in deceptive conversations, but these are very surface-level discussions. Here are a few resources I've found on various subjects that are more deep-dives: Trunk Linguistic communication
What Every Body is Saying - Navarro [Practiced intro]
The Definitive Book of Body Language - Pease [A visual glossary]
Body Language Success [Analyzing torso language and microexpressions in news and celebrity video clips]
Persuasion
Never Split the Deviation - Voss [Negotiating]
Get Anyone to Practise Anything - Lieberman
The Science of Influence - Hogan
How to Talk to Anyone - Lownders [Rapport, charisma]
Neuolinguistic Programming
NLP Workbook - O'Connor
Pitch Anything - Klaff
Physical Tools
How to Open Locks with Improvised Tools - Konkel
Social Engineering
The Art of Charade - Mitnick [SE scripts and anecdotes]
But the author needs a better editor. The focus of the volume wanders, so that on the same folio the tone is for a person like me so a couple paragraphs later, someone who wants to exist a social engineering accountant. I'd exist fine either way, but the abiding flopping around fabricated for hard reading. (The biggest omi
I picked up the book with the intent of learning more about Social Applied science and how I could defend confronting bad actors. It sounded like the writer knew his bailiwick and was sharing.But the author needs a better editor. The focus of the book wanders, so that on the same page the tone is for a person like me and so a couple paragraphs later, someone who wants to be a social technology auditor. I'd be fine either way, only the constant flopping around made for difficult reading. (The biggest omission is in the beginning the text states there is an appendix, but there isn't)
The stories are the best function, though there isn't a solid narative to support them. Tidbits spring up out of nowhere, then are non continued to the next page. I think a lot could have been discussed around is numerous educational stories. That would take been much better.
In the end, I learned virtually the author's website and the surface of social engineering. This could be seen every bit a primer, simply it doesn't have the cohesiveness. (I'm not knocking the fact it is six years sometime, for me, and a lot of the information could be out of date).
...more
Why? - Because there are some ''cool'' ideas about how to influence and manipulate people and some software suggested. The kickoff one-half of the book was ok but the 2nd one was atrocious! I fifty-fifty skipped the final xxx sheets, it was so boring!
Also, the Globe DOESN'T work like that - you CAN'T just phone call the police officers and tell them ''i'thou a detective and then please give me the Jhon Doll's Security Number...NOW! ''.
You can't ''hack'' computers so easily besides, we don't live in the 90'.
Obviously,
iii Stars.Why? - Because there are some ''cool'' ideas nearly how to influence and manipulate people and some software suggested. The first half of the book was ok but the second one was awful! I fifty-fifty skipped the concluding 30 sheets, it was so boring!
Also, the Globe DOESN'T work like that - you lot CAN'T but telephone call the police officers and tell them ''i'm a detective and then please give me the Jhon Doll'south Security Number...NOW! ''.
Yous can't ''hack'' computers so easily as well, we don't alive in the 90'.
Patently, the book was written for the average Joe who ''needs'' to be educated about the dangerous It World.
After all the volume is poorly written and boring in fact.
...more than
So much valuable information, very fun and easy to read! Priceless!
Must read if y'all do security audit or simply interested in social applied science!
This is also one of the all-time psychological volume and then worth a look even if you not interested in Information technology
Goodreads is hiring!
Larn more »
Related Articles
Welcome back. Just a moment while nosotros sign yous in to your Goodreads business relationship.
Source: https://www.goodreads.com/book/show/9068044-social-engineering