Social Engineering Penetration Testing: Executing Social Engineering Pen Tests, Assessments and Defense

7h 53m
Andrew Mason, Gavin Watson, Richard Ackroyd
Elsevier Science and Technology Books, Inc.
2014

Social engineering attacks target the weakest link in an organization's security-human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques-including email phishing, telephone pretexting, and physical vectors- can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, you will have a much better understanding of how best to defend against these attacks.

The authors of Social Engineering Penetration Testing show you hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. You will learn about the differences between social engineering pen tests lasting anywhere from a few days to several months. The book shows you how to use widely available open-source tools to conduct your pen tests, then walks you through the practical steps to improve defense measures in response to test results.

Understand how to plan and execute an effective social engineering assessment
Learn how to configure and use the open-source tools available for the social engineer
Identify parts of an assessment that will most benefit time-critical engagements
Learn how to design target scenarios, create plausible attack situations, and support various attack vectors with technology
Create an assessment report, then improve defense measures in response to test results

About the Authors

Gavin is the Professional Services Manager at RandomStorm and is responsible for devising and also delivering innovative testing services offered to clients, including the full range of penetration testing and social engineering engagements. Gavin has worked in IT for many years, focusing for the past five years on delivering internal and external penetration tests and social engineering engagements for multiple clients across all verticals.

Andrew is the co-founder and Technical Director at RandomStorm and is responsible for the formulation and execution of strategy for the technical department within RandomStorm. Andrew has over 20 years experience in IT with recent years focused on Internet security, offering board-level consultancy to numerous enterprise customers within disparate geographical regions. Andrew has authored several infosec titles for McGraw Hill and Cisco Press. His most recent publications have been focused on Firewalls and Threat Mitigation from common vulnerabilities. Andrew has also contributed to several books on networking topics as well as writing numerous articles for online and print trade journals and newspapers including the Sunday Times. Based in the UK, RandomStorm is a global infosec services consultancy providing turnkey solutions to organizations of any size. RandomStorm has offices in UK, US, Canada, Jordan and UAE.

Richard is a Senior Security Engineer for RandomStorm and is involved in the conducting penetration testing and social engineering assessments for clients across all verticals.

In this Book

Foreword
An Introduction to Social Engineering
The Weak Link in the Business Security Chain
The Techniques of Manipulation
Short and Long Game Attack Strategies
The Social Engineering Engagement
Ensuring Value Through Effective Threat Modeling
Creating Targeted Scenarios
Leveraging Open-Source Intelligence
The E-mail Attack Vector
The Telephone Attack Vector
The Physical Attack Vector
Supporting an Attack with Technology
Writing the Report
Creating Hardened Policies and Procedures
Staff Awareness and Training Programs
Internal Social Engineering Assessments
Social Engineering Assessment Cheat Sheet

FREE ACCESS

Course CompTIA A+ Core 2: Social Engineering Attacks

(107)

Book Machine Learning Engineering in Action

Book Performance Testing

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

Social Engineering Penetration Testing: Executing Social Engineering Pen Tests, Assessments and Defense

In this Book

YOU MIGHT ALSO LIKE