Social Engineering: The Art of Human Hacking Paperback – 17 Dec. 2010

Social engineering is used everyday, in every aspect of our life, without us even knowing at times! Not just by con men, hackers etc but sales reps, doctors, parents employers, teachers. Knowing and playing on human emotions is very powerful tool and can be used to manipulate people to do actions they normally would not do. The human brain is the CPU and hard-drive combined and this can be overloaded (human buffer attack) and manipulated by emotion triggering (which can be triggered by just bringing back a memory in the brain good/bad). Whether over the phone or in person (facial muscles perform certain twitches for every emotion, anyone watched Lie to Me?) the human is always open to attack.This book covers a wide range of topics, from how we use social engineering day to day in our personal lives, how the media/businesses use this globally and tests/case studies used by trained pentesters/social engineer auditors simply to just open peoples eyes to see this, its almost like our eyes are closed to all these techniques, as mostly done subconsciously.Would highly recommend having a read. I do believe the book is aimed at non-technical computer readers (as author really explains technical terms in layman) however even as a technical person this book still is very enjoyable read. It's all good breaking computer systems/networks but having the extra ability to break humans into giving you faster, direct, powerful entry is even more astonishing . This skill can be applied in every area of life, not just digitally, to ensure you are never ripped off (be it a sales man/media advertisements etc) and also helps you protect your family, work, business, investments, money and future as you will not be easily manipulated by this technique when you are aware.

A book containing the entire body of knowledge pertaining to Social Engineering is going to run to several volumes. Its such a wide subject encompassing a huge variety of topics that a single volume just isn't going to be able to cover them all in inordinate detail; even Microsoft canned Encarta when the Internet took off :). I therefore picked up this book hoping to gain an oversight into the field of Social Engineering, learn the most important aspects of it, and hopefully pick up some references for future study. It delivered on my expectations in spades.It first establishes the framework of social engineering, something that I think is incredibly important. Yes you can learn individual elements but without understanding where they sit in a framework (where they are most prudent, what inputs you need and what outputs you can expect) you limit your overall effectiveness as/understanding of a social engineer. It then proceeds to take you through each of the elements in turn, delivering a precis and expanding on specific salient points. Every section is accompanied with copious references for further research and its clear that the author is intimately familiar with his material. Moreover, its also clear that he has a passion for the subject matter and this comes across well in the book.Although written in a slight slant towards penetration testing, the author goes to great lengths to point out that in order to defend against something you need to understand how, where, and when someone will attack. Its something of an Infosec pastiche, but the Sun-Tzu quote "Know thine enemy better than one knows thyself" certainly applies here. As someone on the defence side, this book is invaluable in understanding how someone may use these techniques against us and should be a mandatory read for anyone tasked with creating an infosec program that really works.

It's informative and provides some classification on certain techniques that may well do without even realising when it comes to social interactions. Worth a read more than once I would say.

The book is packed with information. In fact I haven't finished reading it at the time of writing this. But I can say a few things. There is a lot of stuff you need to know contained within this book. But I have to say it is the scariest thing I've read. Then again there are a few things which didn't seem to right to me. One is that all it takes is an infected USB key to get into a large firm's servers. Why didn't it get stopped by the anti virus anti mal wear protection that is now ubiquitous? Further more, if you don't want employees using the USB ports, the computer administrator can disable them. If I was the CEO of a company and that nice man who left me a CD phones and asks what I thought of it. I would probabnly say I haven't got it back from security screening yet. All these things have to bee screened first before they can be put into our computers.If I was a company's receptionist or a first point of contact for outsiders I probably wouldn't put family photos on my desk, because that's just inviting people to ask questions about my home life and I am there to work and I believe in keeping strict boundaries between my work life and my home life.Does that mean I don't think I can be caught? That would be arogant and it's people who thing it can't happen to them, who are the first ones to get caught, isn't it?Too many things are on the internet these days and I agree with the author when he says they have no business being there. Things such as washing fridges, printers, a city's traffic light system. But corporate America wants to force more and more things onto the internet and people need to vote with their feet. I have a Hewlette Packard printer and recently HP have done something to the software so that the printer only works whilst it is connected to the internet. I am lothsome to replace a printer that is still working, but I can make sure it is switched off at the main when I am not using it. The book describes a new search engine which can locate any internet connected device and tell who owns it and more.In short I think everyone should get this book and protect themselves as best they can.As an adendum I think that all biometric login systems weaken security. A password is in your head or if it has to be written down it can be written in code. But hackers will soon find a way of using a video of your face to log into your computer account. The release of Windows 8.1 has made it necessary to be even more security conscious because your account isn't just local any more it is on the cloud where people could hack in from any machine and as you are forced to use your email as your log-in name anyone can get it.

Muy buen libro para iniciarse en la ingeniería social. El autor te pone ejemplos de la vida real y pone referencias de páginas que hablan sobre otros ejemplos aplicados en las auditorías. Me quedé satisfecho y con muchas ganas de adentrarme mucho más en este tema. Recomendado 100%

covers from the very basic to more advanced techniques of social engineering.of course this is not enough to become an expert but will surely help for both social engineering enthusiast and people who wants to defend themself.

Apart from delay in delivery all good

This is a great book that is meaty but not difficult to read. I found the style of writing to be very accessible without compromising the quality of the material.This book really should be required reading for all senior and mid-level corporate executives. It would save them a lot of money and time if they did so. I also think that it should be mandatory reading for most high school students!

Chris Hadnagy's book on Social Engineering is phenomenal. It is packed full of detailed information, complete with in depth explanation and real life examples. Chris has an excellent writing style that flows conversationally. Also, I have yet to find any errors (to include typos), which makes the read much more enjoyable as I tend to get distracted by errors. While most of what is presented could be found in other sources, never before has it been brought together in such a targeted and helpful way for those needing to learn these skills for security work. Chris shares many real life examples in a way that illustrate the principles he is teaching quite well, and demonstrates the practical applicability of what is being taught.I have also found this book to be particularly stimulating, and indeed even an intellectual curiosity. I believe that Chris is undertaking a sizable social engineering project, in which he is using the opportunity to teach social engineering to actually effect positive and permanent change on the reader (and "coincidentally" enough, this is precisely one of the goals for social engineering that Chris mentions). One can glean that Chris is a master of the art he teaches based on what he has written, and how he has written it. This book itself is a phenomenal experiment in social engineering in which Chris actually helps to make people more caring and empathetic towards others. The idea that one should truly care about others and work on developing true concern, empathy, and listening skill is sprinkled throughout the text in the beginning (pre-loading the reader), and then explicitly declared later on in the guise of becoming a better social engineer. At no point though did I feel as though this message was in any way artificial. It comes across very genuine, and I believe his recommendation truly will make the reader a better social engineer, and a better person. It is clear (to me at least) that Chris is either a psychopathic, wholly evil genius freak who takes pleasure in manipulating others, or he has an amazing understanding of the human mind as a result of his dedication to study and practice, and he truly cares for others and wants to effect positive change in them. I am fully convinced that it is the latter. I believe that a lack of empathy and true compassion is a serious problem in modern society, made worse as technology continues to eliminate the need for physical interaction between people. Chris is clearly using his talents to make the world a better place, and for that I want to thank him heartily.Interpret this as you will. I have never met Chris and I know nothing about him other than what I've learned from reading his book. If I've been duped then that is a testament to Chris' skill and mastery of the subject. If I haven't been duped, then take my recommendation and buy this book! Even if you aren't looking to make a career in security auditing, this book will help you communicate better in all aspects of your life. (You may even be able to convince your wife to have dinner at that awesome steak joint).