Social Engineering: The Art of Human Hacking

Social Engineering, the Art of Human Hacking, is the first book to reveal and dissect the technical aspect of many social engineering maneuvers.

From elicitation and pretexting to influence and manipulation, all aspects of social engineering are picked apart, discussed and explained using real-world examples, personal experience and the science behind them to unravel the mystery in social engineering.

Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system.

Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

  • Examines social engineering, the science of influencing a target to perform a desired task or divulge information
  • Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
  • Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

From the Author: Defining Neuro-Linguistic Hacking (NLH)

Author Chris Hadnagy

NLH combines key parts of neuro-linguistic programming, the functionality of microexpressions, body language and gestures, and blends it all together to understand how to “hack” the human infrastructure. Let’s take a closer look at each to see how it applies.

Neuro-Linguistic Programming (NLP): NLP is a controversial approach to psychotherapy and organizational change based on “a model of interpersonal communication chiefly concerned with the relationship between successful patterns of behavior and the subjective experiences underlying them” and “a system of alternative therapy based on this which seeks to educate people in self-awareness and effective communication, and to change their patterns of mental and emotional behavior”.

Neuro: This points to our nervous system, through which we process our five senses:
• Visual
• Auditory
• Kinesthetic
• Smell
• Taste

Linguistic: This points to how we use language and other nonverbal communication systems through which our neural representations are coded, ordered and given meaning. This can include things like:
• Pictures
• Sounds
• Feelings
• Tastes
• Smells
• Words

Programming: This is our ability to discover and utilize the programs that we run in our neurological systems to achieve our specific and desired outcomes.

In short, NLP is how to use the language of the mind to consistently achieve, modify and alter our specific and desired outcomes (or that of a target).

Microexpressions are the involuntary muscular reactions to emotions we feel. As the brain processes emotions it causes nerves to constrict certain muscle groups in the face. Those reactions can last from 1/25th of a second to 1 second and reveal a person’s true emotions.

Much study has been done on microexpressions as well as what is being labeled as subtle microexpressions. A subtle microexpression is an important part of NLH training as a social engineer as many people will display subtle hints of these expressions and give you clues as to their feelings.

3 comments for “Social Engineering: The Art of Human Hacking”

  1. Ben Rothke "Author of 'Computer Security: 20 ...
    October 7, 2012 at 11:03 AM

    The definitive book on social engineering

    One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes “tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable”. Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security.

    With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.

    By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world’s greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.

    Two of the most popular books to date on social engineering to date have been Kevin Mitnick’s The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack.

    The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.

    Chapter 1 goes through the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.

    Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone, even the US Department of Homeland Security has a pamphlet that it uses to assist agents with elicitation.

    After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.

    Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.

    Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.

    The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author’s favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, is an extremely powerful and often overwhelming combination.

    Every chapter in the book is superb, but chapter 9 – Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:

    * Learning to identify social engineering attacks
    * Creating a personal security awareness program
    * Creating awareness of the value of the information that is being sought by social…

  2. Dave
    October 7, 2012 at 11:20 AM

    A real gem in the bookshelf

    This book is one of the best books I read in regards to (IT) security. I do absolutely recommend this book to any pentester, security officer or person interested in this very interesting aspect of security. Performing penetration tests and security audits myself I try to especially implement SE in tests and audits since it is the best way to find issues and the human factor is neglected in most of the tests and reviews.

    There was no book like this book before dealing with Social Engineering. At best SE has been mentioned in a book about security and only a couple pages were dedicated to it. But nowadays SE is becoming more and more important to keep in mind. The times when attackers and pentesters could exploit weaknesses in applications and services without the need of user interaction are mostly over. Usually the user has to open a malicious file for example a PDF file. This book explains how this can be achieved and also what to keep in mind when preparing an awareness training.

    Reading this book will teach you how SE attacks are being performed, the background and underlying principles of them as well how to detect and mitigate them.

    Chris explains everything in a very good and understandable way giving a lot of examples and infos on where to start with further research on the explained techniques (e.g. NLP, microexpressions…).

    It is definitely a must have.

  3. Ronald A. Woerner
    October 7, 2012 at 11:36 AM

    MUST READ for Security Professionals

    Finally, we have a book on hacking humans that contains details of psychology and human factors related to security. There is no other book like it. For that reason, it’s a must read for all security professionals.

    Humans are and always will be the weakest security link. PERIOD. Up to now, there hasn’t been a comprehensive book on (1) how to orchestrate a Social Engineering campaign; (2) how to prevent a Social Engineer from breaching your defenses; and (3) psychological principles of how humans think and operate. This book has all three. It includes the details necessary to fully understand critical concepts for Social Engineering such as pretexting, elicitation, and influence, which provides a great framework on how to manipulate humans to take the actions you want. I’ve found that many computer security professionals aren’t fluent in human factors. By reading this book, they will glean that knowledge.

    BUT WAIT, THERE’S MORE, Chris also includes case studies to see the principles in action. These studies from Chris’ experience as a professional Social Engineer round out this outstanding book.

    Security professionals: If you read only one book in 2011, make it Social Engineering: The Art of Human Hacking by Chris Hadnagy.
