Practical Social Engineering A Primer for the Ethical Hacker 1st Edition by Joe Gray ISBN 171850098X 9781718500983

Part I: The Basics Chapter 1: What Is Social Engineering?

• Important Concepts in Social Engineering

  • Pretexting

  • Open Source Intelligence

  • Phishing

  • Spear Phishing

  • Whaling

  • Vishing

  • Baiting

  • Dumpster Diving

• Psychological Concepts in Social Engineering

  • Influence

  • Manipulation

  • Rapport

  • Dr. Cialdini’s Six Principles of Persuasion

  • Sympathy vs. Empathy

• Conclusion

Chapter 2: Ethical Considerations in Social Engineering

• Ethical Social Engineering

  • Establishing Boundaries

  • Understanding Legal Considerations

  • Understanding Service Considerations

  • Debriefing After the Engagement

  • Case Study: Social Engineering Taken Too Far

• Ethical OSINT Collection

  • Protecting Data

  • Following Laws and Regulations

  • Case Study: Ethical Limits of Social Engineering

• Conclusion

Part II: Offensive Social Engineering Chapter 3: Preparing for an Attack

• Coordinating with the Client

• Scoping

• Defining Objectives

• Defining Methods

• Building Successful Pretexts

• Using Specialized Operating Systems for Social Engineering

• Following the Attack Phases

• Case Study: Why Scoping Matters

• Conclusion

Chapter 4: Gathering Business OSINT

• Case Study: Why OSINT Matters

• Understanding Types of OSINT

• Business OSINT

  • Getting Basic Business Information from Crunchbase

  • Identifying Website Owners with WHOIS

  • Collecting OSINT from the Command Line with Recon-ng

  • Using Other Tools: theHarvester and OSINT Framework

  • Finding Email Addresses with Hunter

  • Exploiting Mapping and Geolocation Tools

• Conclusion

Chapter 5: Social Media and Public Documents

• Analyzing Social Media for OSINT

  • LinkedIn

  • Job Boards and Career Sites

  • Facebook

  • Instagram

• Leveraging Shodan for OSINT

  • Using Shodan Search Parameters

  • Searching IP Addresses

  • Searching Domain Names

  • Searching Hostnames and Subdomains

• Taking Automatic Screenshots with Hunchly

• Pilfering SEC Forms

• Conclusion

Chapter 6: Gathering OSINT About People

• Using OSINT Tools for Analyzing Email Addresses

  • Finding Out If a User Has Been Breached with Have I Been Pwned

  • Enumerating Social Media Accounts with Sherlock

  • Enumerating Website Accounts with WhatsMyName

  • Analyzing Passwords with Pwdlogy

• Analyzing a Target’s Images

  • Manually Analyzing EXIF Data

  • Analyzing Images by Using ExifTool

• Analyzing Social Media Without Tools

  • LinkedIn

  • Instagram

  • Facebook

  • Twitter

• Case Study: The Dinner That Gave All the Gold Away

• Conclusion

Chapter 7: Phishing

• Setting Up a Phishing Attack

  • Setting Up a Secure VPS Instance for Phishing Landing Pages

  • Choosing an Email Platform

  • Purchasing Sending and Landing Page Domains

  • Setting Up the Phishing and Infrastructure Web Server

• Additional Steps for Phishing

  • Using Tracking Pixels to Measure How Often Your Email Is Opened

  • Automating Phishing with Gophish

  • Adding HTTPS Support for Phishing Landing Pages

  • Using URL Shorteners in Phishing

  • Using SpoofCard for Call Spoofing

  • Timing and Delivery Considerations

• Case Study: The $25 Advanced Persistent Phish

• Conclusion

Chapter 8: Cloning a Landing Page

• An Example of a Cloned Website

  • The Login Page

  • The Sensitive Questions Page

  • The Error Page

  • Harvesting the Information

• Cloning a Website

  • Finding the Login and User Pages

  • Cloning the Pages by Using HTTrack

  • Altering the Login Field Code

  • Adding the Web Pages to the Apache Server

• Conclusion

Chapter 9: Detection, Measurement, and Reporting

• Detection

• Measurement

  • Selection of Metrics

  • Ratios, Medians, Means, and Standard Deviations

  • The Number of Times an Email Is Opened

  • The Number of Clicks

  • Information Input into Forms

  • Actions Taken by the Victim

  • Detection Time

  • The Timeliness of Corrective Actions

  • The Success of Corrective Actions

  • Risk Ratings

• Reporting

  • Knowing When to Make a Phone Call

  • Writing the Report

• Conclusion

Part III: Defending Against Social Engineering Chapter 10: Proactive Defense Techniques

• Awareness Programs

  • How and When to Train

  • Nonpunitive Policies

  • Incentives for Good Behavior

  • Running Phishing Campaigns

• Reputation and OSINT Monitoring

  • Implementing a Monitoring Program

  • Outsourcing

• Incident Response

  • The SANS Incident Response Process

  • Responding to Phishing

  • Responding to Vishing

  • Responding to OSINT Collection

  • Handling Media Attention

  • How Users Should Report Incidents

• Technical Controls and Containment

• Conclusion

Chapter 11: Technical Email Controls

• Standards

  • “From” Fields

  • Domain Keys Identified Mail

  • Sender Policy Framework

  • Domain-Based Message Authentication, Reporting, and Conformance

  • Opportunistic TLS

  • MTA-STS

  • TLS-RPT

• Email Filtering Technologies

• Other Protections

• Conclusion

Chapter 12: Producing Threat Intelligence

• Using Alien Labs OTX

  • Analyzing a Phishing Email in OTX

  • Creating a Pulse

  • Analyzing the Email Source

  • Inputting Indicators

• Testing a Potentially Malicious Domain in Burp

• Analyzing Downloadable Files

• Conducting OSINT for Threat Intelligence

  • Searching VirusTotal

  • Identifying Malicious Sites on WHOIS

  • Discovering Phishes with PhishTank

  • Browsing ThreatCrowd

  • Consolidating Information in ThreatMiner

• Conclusion

Appendix A: Scoping Worksheet Appendix B: Reporting Template Appendix C: Information-Gathering Worksheet Appendix D: Pretexting Sample

• Confused Employee

• IT Inventory

• Transparency Survey

Appendix E: Exercises to Improve Your Social Engineering

• Help a Random Stranger and Then Prompt for “Flags”

• Improv

• Standup Comedy

• Public Speaking/Toastmasters

• Do OSINT Operations on Family and Friends

• Compete in Social Engineering and OSINT CTFs