Forensic investigation of a Social Engineering attack
In this article I am going to share with you a real Social Engineering attack, where we worked on a case to investigate if there was any forensic evidence to suggest that the laptop computer a) had been compromised by the perpetrator(s), b) if found to be […]
Kevin Mitnick recommends
Today I received feedback which made me very happy. One of the very first known social engineers, or the world's most known hackers, Kevin Mitnick, is recommending my book “Learn Social Engineering” in his sessions, conferences as per this e-mail: “Good Morning (or) Afternoon, Dr… Hope you are […]
Deepen your knowledge: 30 Cybersecurity Books by Auth0
I am really happy to see that my book Learn Social Engineering is recommended as 1 of 2 Social Engineering books by the popular blog / Twitter account Auth0. Did you read Learn Social Engineering yet? 30 Cybersecurity Books to deepen your knowledge by […]
Information Gathering Methods
Information gathering is not as challenging as it used to be a few years ago when one would only get details about a target either directly from the target or from asking around. The internet, more specifically the use of social media, has simplified this stage with newer and faster techniques of […]
Foreword by Troy Hunt – Founder of Have I Been Pwned
I remember precisely where I was when I first saw Erdal talk about social engineering: it was a jam-packed room at Microsoft’s TechEd, overflowing into the hallway if memory serves me. Software developers and IT pros alike had flooded into the room to hear about this phenomenon which sounded so intriguing – the ability to bend people to your will with what must have seemed like mind control to many people. The audience was in raptures as they learned about how the best technology controls we had at our disposal were so readily circumvented due to the fallibility of the organic matter sitting at the keyboard.
But the memory that sticks with me to this day is not the content, but rather how Erdal made people feel; scared, entertained and lusting for more. Of course, there was substance to the talk, as there was to many others that day and indeed the hundreds of others I must have seen since then. Substance alone, however, is not what makes a lesson stick nor is it what makes a lasting impression. Passion, enthusiasm and engagement were the ingredients that made my first encounter with Erdal memorable and indeed they’re the traits I’ve subsequently borrowed from him in my own speaking career.
Upon reflection, I suspect that talk was, itself, a degree of social engineering – he was manipulating the emotions of the audience. We’re all susceptible to it in one form or another simply because we respond to the sentiments it elicits within us. We’ve all experienced fear, greed, urgency, curiosity and sympathy, among many of the other feelings an adept social engineer plays upon. The trick is in understanding the right buttons to push in order to bend the victim (or in this case, the audience) to your point of view.
Over time, the mechanics of social engineering have become ever more important for us to understand. Whilst we humans haven’t particularly changed in terms of how we respond to those aforementioned emotions, the technology landscape we live within has changed a great deal in ways that make this style of attack ever more effective.
For example, we’ve never had access to more open source intelligence data than we do today and that same statement will still hold true if you read this again a year from now. The number of channels through which social engineering attacks can be mounted is also expanding; it’s no longer just phishing attacks in emails, we see malicious attacks being mounted via every conceivable communication platform by which adversaries can get their message in front of victims.
In this book, Erdal takes a very practical look at the mechanics of how these attacks take place. It’s a thorough overview yet is also readily consumable and packed with real world examples. Erdal goes beyond the theory and academics and drills down into easily accessible resources, reproducible steps and industry precedents that demonstrate just how effective social engineering attacks can be. Perhaps most importantly though, he lays a foundation that paves the way for those of us defending against these attacks to better prepare both our systems and our people.
I hope that you come away from reading this book feeling the same way as Erdal’s audience did when I first saw him talk – scared, entertained and lusting for more!
Cybersecurity Canon Candidate
Executive Summary: Learn Social Engineering: Learn the art of human hacking with an internationally renowned expert will equip you with a holistic understanding of social engineering. It will help you avoid and combat social engineering attacks by giving you a detailed insight into how a social engineer operates. The book covers topics ranging […]
Zombies in Social Networks
We have arrived in a time where social networks have become an essential part of our lives. People are spending a great deal of time connecting with organizations, businesses, and individuals all over the world. But there is a dark side to social networks. How do you protect your business […]