February 2014
Intermediate to advanced
256 pages
5h 1m
English
book
Unmasking the Social Engineer: The Human Element of Security
by Christopher Hadnagy, Paul Kelly F., Paul Ekman
Content preview from Unmasking the Social Engineer: The Human Element of SecurityBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 2
What Is Social Engineering?
Enlightenment is not imagining figures of light but making the darkness conscious.
—Carl Gustav
I define social engineering as any act that influences someone to take an action that may or may not be in his or her best interest. As mentioned briefly in Chapter 1, I once was hired to infiltrate warehouses without breaking and entering. To do so, I used the social engineering methods of pretexting, role playing, and three or four different aspects of influence. My intent was to test the company's defenses to see if the employees followed policy. I also tried to take pictures of the exits, camera locations, and other aspects that a real criminal would use to come back later and break in. A typical scenario went something like this:
I drove to the warehouse and pressed the intercom button at the front door. I said, “Hi, this is Paul from your waste company. I need to check the serial number on your trash compactor.”
The door buzzed, and I was let into the inner area of the warehouse. I faced a wall-to-wall, floor-to-ceiling metal mantrap. A security guard looked in and said, “Hold on a minute. The floor manager is coming to escort you.”
A few minutes later, Roy, the floor manager, came out to greet me. I was buzzed through the ominous-looking mantrap and was sent to the security guard desk. The security guard asked for my ID. I looked at him and then at the mantrap and said, “I left my wallet in my car. But I do have my company ID. Is that okay?” ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.