Social engineering penetration testing : executing social engineering pen tests, assessments and defense /
This book gives the practical methodology needed to plan and execute a social engineering penetration test and assessment. It has insights into how social engineering techniques--including email phishing, telephone pretexting, and physical vectors--can be used to elicit information or manipulate ind...
Saved in:
Main Authors: | , , |
---|---|
Format: | Book |
Language: | English |
Published: |
Oxford:
Elsevier,
2014
|
Subjects: | |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Table of Contents:
- Front Cover; Social Engineering Penetration Testing; Copyright Page; Contents; Foreword; Acknowledgements; About the Authors; About the Technical Editor; 1 An Introduction to Social Engineering; Introduction; Defining social engineering; Examples from the movies; Sneakers; Hackers; Matchstick Men; Dirty Rotten Scoundrels; The Imposter; Famous social engineers; Kevin Mitnik; Frank Abagnale; Badir brothers; Chris Hadnagy; Chris Nickerson; Real-world attacks; The RSA breach; The Buckingham Palace breach; The Financial Times breach; The Microsoft XBox breach; Operation Camion; Summary. 2 The Weak Link in the Business Security ChainIntroduction; Why personnel are the weakest link; Secure data with vulnerable users; The problem with privileges; Data classifications and need to know; Security, availability, and functionality; Customer service mentality; Poor management example; Lack of awareness and training; Weak security policies; Weak procedures; Summary; 3 The Techniques of Manipulation; Introduction; Pretexting; Impersonation; Baiting; Pressure and solution; Leveraging authority; Reverse social engineering; Chain of authentication; Gaining credibility. From innocuous to sensitivePriming and loading; Social proof; Framing information; Emotional states; Selective attention; Personality types and models; Body language; Summary; 4 Short and Long Game Attack Strategies; Introduction; Short-term attack strategies; Targeting the right areas; Using the allotted time effectively; Common short game scenarios; Long-term attack strategies; Expanding on initial reconnaissance; Fake social media profiles; Information elicitation; Extended phishing attacks; Gaining inside help; Working at the target company; Targeting partner companies. Long-term surveillanceSummary; 5 The Social Engineering Engagement; Introduction; The business need for social engineering; Compliance and security standards; Payment Cards Industry Data Security Standard; ISO/IEC 27000 information security series; Human Resource Security, Domain 8; Physical and Environmental Security, Domain 9; Social engineering operational considerations and challenges; Challenges for the social engineers; Less mission impossible, more mission improbable; Dealing with unrealistic time scales; Dealing with unrealistic time frames; Taking one for the team; Name and shame. Project managementChallenges for the client; Getting the right people; Legislative considerations; The Computer Misuse Act 1990 (UK)-http://www.legislation.gov.uk/ukpga/1990/18; Section 1-Unauthorized access to computer material; Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses; Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc.; The Police and Justice Act 2006 (UK)-http://www.legislation.gov.uk/ukpga/2006/48/contents