Foreword by Troy Hunt – Founder of Have I Been Pwned
I remember precisely where I was when I first saw Erdal talk about social engineering: it was a jam-packed room at Microsoft’s TechEd, overflowing into the hallway if memory serves me. Software developers and IT pros alike had flooded into the room to hear about this phenomenon which sounded so intriguing – the ability to bend people to your will with what must have seemed like mind control to many people. The audience was in raptures as they learned about how the best technology controls we had at our disposal were so readily circumvented due to the fallibility of the organic matter sitting at the keyboard.
But the memory that sticks with me to this day is not the content, but rather how Erdal made people feel; scared, entertained and lusting for more. Of course, there was substance to the talk, as there was to many others that day and indeed the hundreds of others I must have seen since then. Substance alone, however, is not what makes a lesson stick nor is it what makes a lasting impression. Passion, enthusiasm and engagement were the ingredients that made my first encounter with Erdal memorable and indeed they’re the traits I’ve subsequently borrowed from him in my own speaking career.
Upon reflection, I suspect that talk was, itself, a degree of social engineering – he was manipulating the emotions of the audience. We’re all susceptible to it in one form or another simply because we respond to the sentiments it elicits within us. We’ve all experienced fear, greed, urgency, curiosity and sympathy, among many of the other feelings an adept social engineer plays upon. The trick is in understanding the right buttons to push in order to bend the victim (or in this case, the audience) to your point of view.
Over time, the mechanics of social engineering has become ever more important for us to understand. Whilst us humans haven’t particularly changed in terms of how we respond to those aforementioned emotions, the technology landscape we live within has changed a great deal in ways that make this style of attack ever more effective.
For example, we’ve never had access to more open source intelligence data than we do today and that same statement will still hold true if you read this again a year from now. The number of channels through which social engineering attacks can be mounted are also expanding; it’s no longer just phishing attacks in emails, we see malicious attacks being mounted via every conceivable communication platform by which adversaries can get their message in front of victims.
In this book, Erdal takes a very practical look at the mechanics of how these attacks take place. It’s a thorough overview yet is also readily consumable and packed with real world examples. Erdal goes beyond the theory and academics and drills down into easily accessible resources, reproducible steps and industry precedents that demonstrate just how effective social engineering attacks can be. Perhaps most importantly though, he lays a foundation that paves the way for those of us defending against these attacks to better prepare both our systems and our people.
I hope that you come away from reading this book feeling the same way as Erdal’s audience did when I first saw him talk – scared, entertained and lusting for more!
Founder of Have I Been Pwned
Foreword of Learn Social Engineering
More About Troy Hunt
Troy Hunt,is an Australian Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security. I don’t work for Microsoft, but they’re kind enough to recognise my community contributions by way of their award programs which I’ve been a part of since 2011. You’ll regularly find me in the press talking about security and even testifying before US Congress on the impact of data breaches.
I’m a Pluralsight author of many top-rating courses on web security and other technologies with more than 30 courses published to date. There’s no better way to get up to speed on a topic quickly than through professional training that you can take at your own pace. As both an author and a student, I have nothing but positive things to say about the breadth and quality of Pluralsight courses.
Have I Been Pwned
One of the key projects I’m involved in today is Have I Been Pwned (HIBP), a free service that aggregates data breaches and helps people establish if they’ve been impacted by malicious activity on the web. As well as being a useful service for the community, HIBP has given me an avenue to ship code that runs at scale on Microsoft’s Azure cloud platform, one of the best ways we have of standing up services on the web today.
Speaking and Workshops
I regularly speak around the world and run developer-focused security workshops. You’ll regularly find me at major technology events and I publish both my upcoming travels and previous speaker scores as soon as they’re known.
For fourteen years prior to going fully independent, I worked at Pfizer with the last seven years being responsible for application architecture in the Asia Pacific region. Time spent in a large corporate environment gave me huge exposure to all aspects of technology as well as the diverse cultures my role spanned. Many of the things I teach in post-corporate life are based on these experiences, particularly as a result of working with a large number of outsourcing vendors across the globe. For more corporatey background, there’s always my LinkedIn profile.
I’m based on the Gold Coast in Australia (the sunny part of the sunny country!) and can be contacted via the contact page. I’m happy to be emailed about technical queries, press inquiries and certainly any corrections or suggestions for material.
Learn Social Engineering
- Learn to implement information security using social engineering
- Get hands-on experience of using different tools such as Kali Linux, the Social Engineering toolkit and so on
- Practical approach towards learning social engineering, for IT security
This book will provide you with a holistic understanding of social engineering. It will help you to avoid and combat social engineering attacks by giving you a detailed insight into how a social engineer operates.
Learn Social Engineering starts by giving you a grounding in the different types of social engineering attacks,and the damages they cause. It then sets up the lab environment to use different toolS and then perform social engineering steps such as information gathering. The book covers topics from baiting, phishing, and spear phishing, to pretexting and scareware.
By the end of the book, you will be in a position to protect yourself and
your systems from social engineering threats and attacks.
All in all, the book covers social engineering from A to Z , along with excerpts from many world wide known security experts.
What you will learn
- Learn to implement information security using social engineering
- Learn social engineering for IT security
- Understand the role of social media in social engineering
- Get acquainted with Practical Human hacking skills
- Learn to think like a social engineer
- Learn to beat a social engineer
Who this book is for
This book targets security professionals, security analysts, penetration testers, or any stakeholder working with information security who wants to learn how to use social engineering techniques. Prior knowledge of Kali Linux is an added advantage
Table of Contents
- Introduction to social engineering
- The psychology of social engineering (mind tricks used)
- Fundamentals of influence and persuasion
- Information gathering
- Targetting and Recon
- The tools used in social engineering
- Prevention and mitigation
- Case studies of social engineering
- Ask the Experts- Part 1
- Ask the Experts – Part 2
- Ask the Experts – Part 3
- Ask the Experts- Part 4
You can order the book from Amazon via this link , or any other book retailer of your choice
Order Via Amazon:Order From Amazon
Order Via Packt Publishing :Order From Pakct
Order Via Amazon AU
Order Via World of Books World of Books
Order Via Angus & Robertson Angus & R
Dymocks Order From Dymocks
To learn about my other books :