Sale!

Social Engineering Penetration Testing Executing Social Engineering Pen Tests Assessments and Defense 1st Edition by Watson Gavin, Mason Andrew, Ackroyd Richard 0124201822 9780124201248

Original price was: $50.00.Current price is: $35.00.

Social Engineering Penetration Testing Executing Social Engineering Pen Tests Assessments and Defense 1st Edition Gavin Watson Digital Instant Download

Author(s): Gavin Watson, Andrew Mason , Richard Ackroyd
ISBN(s): 9780124201248, 0124201245
Edition: 1
File Details: PDF, 15.11 MB
Year: 2014
Language: english
SKU: EB-4674898 Category: Tags: , ,

Social Engineering Penetration Testing Executing Social Engineering Pen Tests Assessments and Defense 1st Edition by Watson Gavin, Mason Andrew, Ackroyd Richard  – Ebook PDF Instant Download/Delivery: 0124201822, 9780124201248
Full download Social Engineering Penetration Testing Executing Social Engineering Pen Tests Assessments and Defense 1st Edition after payment

Product details:

ISBN 10: 0124201822
ISBN 13: 9780124201248
Author: Watson, Gavin; Mason, Andrew; Ackroyd, Richard

Social engineering attacks target the weakest link in an organization’s security—human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques—including email phishing, telephone pretexting, and physical vectors— can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book’s easy-to-understand models and examples, you will have a much better understanding of how best to defend against these attacks.

The authors of Social Engineering Penetration Testing show you hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. You will learn about the differences between social engineering pen tests lasting anywhere from a few days to several months. The book shows you how to use widely available open-source tools to conduct your pen tests, then walks you through the practical steps to improve defense measures in response to test results.

Social Engineering Penetration Testing Executing Social Engineering Pen Tests Assessments and Defense 1st Table of contents:

Chapter 1. An Introduction to Social Engineering

Introduction

Defining social engineering

Examples from the movies

Famous social engineers

Real-world attacks

Summary

Chapter 2. The Weak Link in the Business Security Chain

Introduction

Why personnel are the weakest link

Summary

Chapter 3. The Techniques of Manipulation

Introduction

Pretexting

Impersonation

Baiting

Pressure and solution

Leveraging authority

Reverse social engineering

Chain of authentication

Gaining credibility

From innocuous to sensitive

Priming and loading

Social proof

Framing information

Emotional states

Selective attention

Personality types and models

Body language

Summary

Chapter 4. Short and Long Game Attack Strategies

Introduction

Short-term attack strategies

Long-term attack strategies

Summary

Chapter 5. The Social Engineering Engagement

Introduction

The business need for social engineering

Social engineering operational considerations and challenges

Challenges for the social engineers

Challenges for the client

Legislative considerations

Social engineering frameworks

Assessment prerequisites

Key deliverables

Social engineering team members and skill sets

Summary

Chapter 6. Ensuring Value Through Effective Threat Modeling

Introduction

Why the need for threat modeling?

Who would want to gain access to my business?

Summary

Chapter 7. Creating Targeted Scenarios

Introduction

The components of a scenario

Target identification

Pretext design mapping

Planning for the unknown

Designing to fail

Summary

Chapter 8. Leveraging Open-Source Intelligence

Introduction

The corporate website

E-mail addresses

Social media

DNS records

Summary

Chapter 9. The E-mail Attack Vector

Introduction

An introduction to phishing attacks

Why phishing attacks work

Spear phishing versus trawling

Spear phishing

Real-world phishing examples

American Express—drive-by-download

Dr. Atanasoff Gavin—advance fee fraud

Apple ID scam—credential harvesting

Nobody falls for this one. Nobody. Ever.

Active e-mail reconnaissance

Nondelivery reports

Out-of-office responses

The nonexistent meeting

Impersonating the absent staff member

Creating plausible e-mail scenarios

Work experience placements

Weaponizing the scenario

The college project

Weaponizing the scenario

The recruitment consultant

Salesperson

Defending against phishing attacks

Technological approaches

Human approaches

Setting up your own attack

Spoofed e-mails versus fake domain names

The SET

Spear phishing attack vector

Does this approach really work?

Malicious Java applets

Using cloned web sites to harvest credentials

Is all of this really social engineering?

Summary

Chapter 10. The Telephone Attack Vector

Introduction

Real-world examples

Environmental sounds

The issues with caller ID

Caller ID spoofing

Phone system hacks

Is the contact database up to date?

Transferring caller ID

How to figure out if your caller ID shows up

Summing it up

Building on the e-mail attack

Please contact Sarah in my absence

Who ya gonna call?

Job enquiries

Sales calls

Surveys

Impersonating staff members

The help desk

Employee numbers

Obtaining key information and access

Credentials and e-mail access

Physical access

The physical access zero day

Weaponizing your call

Summary

Chapter 11. The Physical Attack Vector

Introduction

Building on the e-mail and telephone attacks

Active information gathering

Props and disguises

Badges and lanyards

Tailgating

Lock picking

Once you’re inside

Summary

Chapter 12. Supporting an Attack with Technology

Introduction

Summary

Chapter 13. Writing the Report

Introduction

Data collection

Writing the report

Delivery of the report

Summary

Chapter 14. Creating Hardened Policies and Procedures

Introduction

Background

Social engineering defense: a proactive approach

Industry information security and cyber security standards

Developing fit for purpose social engineering policies and procedures

Summary

Chapter 15. Staff Awareness and Training Programs

Introduction

Current awareness training

A model for effective training

Summary

Chapter 16. Internal Social Engineering Assessments

Introduction

The need for internal testing

Designing the internal test

Summary

Chapter 17. Social Engineering Assessment Cheat Sheet

Introduction

Social engineering framework

Social engineering cheat sheet

Summary

Index

People also search for Social Engineering Penetration Testing Executing Social Engineering Pen Tests Assessments and Defense 1st :

social engineering toolkit penetration testing
    
discuss the role of social engineering in penetration testing
    
two methodologies for physical penetration testing using social engineering
    
what is social engineering testing

Tags:

Watson Gavin,Mason Andrew,Ackroyd Richard,Social Engineering Penetration