Social engineering penetration testing : executing social engineering pen tests, assessments and defense /
This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate ind...
Main Authors: | , , |
---|---|
Format: | Book |
Language: | English |
Published: | Oxford: Elsevier, 2014 |
Subjects: | |
MARC
LEADER | 00000cam a2200000 i 4500 | ||
---|---|---|---|
001 | 18042651 | ||
003 | ZW-GwMSU | ||
005 | 20221111143700.0 | ||
008 | 140213s2014 ne a b 001 0 eng | ||
020 | |a 9780124201248 | ||
040 | |b English |c MSULIB |e rda | ||
050 | 0 | 0 | |a HM668 WAT |
100 | 1 | |a Watson, Gavin. |e author | |
245 | 1 | 0 | |a Social engineering penetration testing : |b executing social engineering pen tests, assessments and defense / |c created by Gavin Watson, Andrew Mason and Richard Ackroyd. |
264 | 1 | |a Oxford: |b Elsevier, |c 2014 | |
264 | 4 | |c ©2014 | |
300 | |a xx, 386 pages; |b illustrations, |c 24 cm. | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a unmediated |b n |2 rdamedia | ||
338 | |a volume |b nc |2 rdacarrier | ||
504 | |a Includes index. | ||
505 | |a Front Cover; Social Engineering Penetration Testing; Copyright Page; Contents; Foreword; Acknowledgements; About the Authors; About the Technical Editor; 1 An Introduction to Social Engineering; Introduction; Defining social engineering; Examples from the movies; Sneakers; Hackers; Matchstick Men; Dirty Rotten Scoundrels; The Imposter; Famous social engineers; Kevin Mitnick; Frank Abagnale; Badir brothers; Chris Hadnagy; Chris Nickerson; Real-world attacks; The RSA breach; The Buckingham Palace breach; The Financial Times breach; The Microsoft XBox breach; Operation Camion; Summary. 2 The Weak Link in the Business Security Chain; Introduction; Why personnel are the weakest link; Secure data with vulnerable users; The problem with privileges; Data classifications and need to know; Security, availability, and functionality; Customer service mentality; Poor management example; Lack of awareness and training; Weak security policies; Weak procedures; Summary; 3 The Techniques of Manipulation; Introduction; Pretexting; Impersonation; Baiting; Pressure and solution; Leveraging authority; Reverse social engineering; Chain of authentication; Gaining credibility. From innocuous to sensitive; Priming and loading; Social proof; Framing information; Emotional states; Selective attention; Personality types and models; Body language; Summary; 4 Short and Long Game Attack Strategies; Introduction; Short-term attack strategies; Targeting the right areas; Using the allotted time effectively; Common short game scenarios; Long-term attack strategies; Expanding on initial reconnaissance; Fake social media profiles; Information elicitation; Extended phishing attacks; Gaining inside help; Working at the target company; Targeting partner companies.
Long-term surveillance; Summary; 5 The Social Engineering Engagement; Introduction; The business need for social engineering; Compliance and security standards; Payment Cards Industry Data Security Standard; ISO/IEC 27000 information security series; Human Resource Security, Domain 8; Physical and Environmental Security, Domain 9; Social engineering operational considerations and challenges; Challenges for the social engineers; Less mission impossible, more mission improbable; Dealing with unrealistic time scales; Dealing with unrealistic time frames; Taking one for the team; Name and shame. Project management; Challenges for the client; Getting the right people; Legislative considerations; The Computer Misuse Act 1990 (UK)-http://www.legislation.gov.uk/ukpga/1990/18; Section 1-Unauthorized access to computer material; Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses; Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc.; The Police and Justice Act 2006 (UK)-http://www.legislation.gov.uk/ukpga/2006/48/contents | ||
520 | |a This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, the reader will have a much better understanding of how best to defend against these attacks. The authors show hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. The book shows how to use widely available open-source tools to conduct pen tests and the practical steps to improve defense measures in response to test results. -- Edited summary from book | ||
650 | 0 | |a Social engineering. | |
650 | 0 | |a Computer networks |x Security measures | |
650 | 0 | |a Computer security |x Management | |
650 | 0 | |a Data protection | |
700 | 1 | |a Mason, Andrew. |e author. | |
700 | 1 | |a Ackroyd, Richard. |e author | |
942 | |2 lcc |c B | ||
952 | |0 0 |1 0 |2 lcc |4 0 |6 HM0668 W A T |7 0 |9 197341 |a ML |b ML |c Open Shelf |d 2022-11-07 |e Book Aid International |l 0 |o HM668 WAT |p BK145108 |r 2022-11-11 |t 157134 |v 35.05 |w 2022-11-11 |x Donation |y B | ||
999 | |c 160383 |d 160383 |