Imperial Library

Index
Cover image Title page Table of Contents Copyright Foreword Acknowledgements About the Authors About the Technical Editor
Chapter 1. An Introduction to Social Engineering
Introduction Defining social engineering Examples from the movies Famous social engineers Real-world attacks Summary
Chapter 2. The Weak Link in the Business Security Chain
Introduction Why personnel are the weakest link Summary
Chapter 3. The Techniques of Manipulation
Introduction Pretexting Impersonation Baiting Pressure and solution Leveraging authority Reverse social engineering Chain of authentication Gaining credibility From innocuous to sensitive Priming and loading Social proof Framing information Emotional states Selective attention Personality types and models Body language Summary
Chapter 4. Short and Long Game Attack Strategies
Introduction Short-term attack strategies Long-term attack strategies Summary
Chapter 5. The Social Engineering Engagement
Introduction The business need for social engineering Social engineering operational considerations and challenges Challenges for the social engineers Challenges for the client Legislative considerations Social engineering frameworks Assessment prerequisites Key deliverables Social engineering team members and skill sets Summary
Chapter 6. Ensuring Value Through Effective Threat Modeling
Introduction Why the need for threat modeling? Who would want to gain access to my business? Summary
Chapter 7. Creating Targeted Scenarios
Introduction The components of a scenario Target identification Pretext design mapping Planning for the unknown Designing to fail Summary
Chapter 8. Leveraging Open-Source Intelligence
Introduction The corporate website E-mail addresses Social media DNS records Summary
Chapter 9. The E-mail Attack Vector
Introduction An introduction to phishing attacks Why phishing attacks work Spear phishing versus trawling Spear phishing Real-world phishing examples American Express—drive-by-download Dr. Atanasoff Gavin—advance fee fraud Apple ID scam—credential harvesting Nobody falls for this one. Nobody. Ever. Active e-mail reconnaissance Nondelivery reports Out-of-office responses The nonexistent meeting Impersonating the absent staff member Creating plausible e-mail scenarios Work experience placements Weaponizing the scenario The college project Weaponizing the scenario The recruitment consultant Salesperson Defending against phishing attacks Technological approaches Human approaches Setting up your own attack Spoofed e-mails versus fake domain names The SET Spear phishing attack vector Does this approach really work? Malicious Java applets Using cloned web sites to harvest credentials Is all of this really social engineering? Summary
Chapter 10. The Telephone Attack Vector
Introduction Real-world examples Environmental sounds The issues with caller ID Caller ID spoofing Phone system hacks Is the contact database up to date? Transferring caller ID How to figure out if your caller ID shows up Summing it up Building on the e-mail attack Please contact Sarah in my absence Who ya gonna call? Job enquiries Sales calls Surveys Impersonating staff members The help desk Employee numbers Obtaining key information and access Credentials and e-mail access Physical access The physical access zero day Weaponizing your call Summary
Chapter 11. The Physical Attack Vector
Introduction Building on the e-mail and telephone attacks Active information gathering Props and disguises Badges and lanyards Tailgating Lock picking Once you’re inside Summary
Chapter 12. Supporting an Attack with Technology
Introduction Summary
Chapter 13. Writing the Report
Introduction Data collection Writing the report Delivery of the report Summary
Chapter 14. Creating Hardened Policies and Procedures
Introduction Background Social engineering defense: a proactive approach Industry information security and cyber security standards Developing fit for purpose social engineering policies and procedures Summary
Chapter 15. Staff Awareness and Training Programs
Introduction Current awareness training A model for effective training Summary
Chapter 16. Internal Social Engineering Assessments
Introduction The need for internal testing Designing the internal test Summary
Chapter 17. Social Engineering Assessment Cheat Sheet
Introduction Social engineering framework Social engineering cheat sheet Summary
Index
