Skip to Main Content
Social Engineering: The Art of Human Hacking
book

Social Engineering: The Art of Human Hacking

by Christopher Hadnagy
December 2010
Beginner content levelBeginner
404 pages
11h 8m
English
Wiley
Content preview from Social Engineering: The Art of Human Hacking

Chapter 2. Information Gathering

War is ninety percent information.

——NAPOLEON BONAPARTE

It has been said that no information is irrelevant. Those words ring true when it comes to this chapter on information gathering. Even the slightest detail can lead to a successful social engineering breach.

My good friend and mentor, Mati Aharoni, who has been a professional pentester for more than a decade, tells a story that really drives this point home. He was tasked with gaining access to a company that had an almost nonexistent footprint on the Web. Because the company offered very few avenues to hack into, gaining this access would prove to be very challenging.

Mati began scouring the Internet for any details that could lead to a path in. In one of his searches he found a high-ranking company official who used his corporate email on a forum about stamp collecting and who expressed an interest in stamps from the 1950s. Mati quickly registered a URL, something like www.stampcollection.com, and then found a bunch of old-looking 1950 stamp pictures on Google. Creating a quick website to show his "stamp collection," he then crafted an email to the company official:

Dear Sir,

I saw on www.forum.com you are interested in stamps from the 1950s. Recently my grandfather passed away and left me with a stamp collection that I would like to sell. I have a website set up; if you would like to see it please visit www.stampcollection.com.

Thanks,

Mati

Before he sent the email to the target, he ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Security in Computing

Security in Computing

Shari Lawrence Pfleeger, Charles P. Pfleeger, Jonathan Margulies

Publisher Resources

ISBN: 9780470639535