Practical Social Engineering: A Primer for the Ethical Hacker
Gray, Joe
- Publisher: No Starch Press
- Publication date: 2022-06-14
- List price: $1,330
- VIP price: 5% off, $1,264
- Language: English
- Pages: 230
- Binding: Quality Paper - also called trade paper
- ISBN: 171850098X
- ISBN-13: 9781718500983
Related categories:
Hacking
Product description
An ethical introduction to social engineering, an attack technique that leverages psychology, deception, and publicly available information to breach the defenses of a human target in order to gain access to an asset. Social engineering is key to the effectiveness of any computer security professional.
Social engineering is the art of capitalizing on human psychology, rather than technical vulnerabilities, to compromise systems. It's an effective method of attack because even the most advanced security detection teams can do little to defend against an employee clicking a malicious link or opening a file in an email, and even less about what an employee may say on a phone call. This book will show you how to take advantage of these ethically sinister techniques so you can better understand what goes into these attacks as well as thwart attempts to gain access by cyber criminals and malicious actors who take advantage of human nature.
Author Joe Gray, an award-winning expert on the subject, shares his social engineering case studies, best practices, OSINT tools, and templates for both orchestrating (ethical) attacks and reporting them to companies so they can better protect themselves. His methods maximize influence and persuasion with creative techniques, like leveraging Python scripts, editing HTML files, and cloning a legitimate website to trick users out of their credentials. Once you've succeeded in harvesting information on your targets with advanced OSINT methods, Gray guides you through the process of using this information to perform real social engineering, then teaches you how to apply this knowledge to defend your own organization from these types of attacks.
You'll learn:
- How to use Open Source Intelligence tools (OSINT) like Recon-ng and whois
- Strategies for capturing a target's info from social media, and using it to guess their password
- Phishing techniques like spoofing, squatting, and standing up your own webserver to avoid detection
- How to collect metrics about the success of your attack and report them to clients
- Technical controls and awareness programs to help defend against social engineering
Fast-paced, hands-on and ethically focused, Practical Social Engineering is a book every pentester can put to use immediately.
About the author
Joe Gray is a veteran of the U.S. Navy. He is the Founder/Principal Instructor of The OSINTion, the Founder/Principal Investigator of Transparent Intelligence Services, and the inaugural winner of the DerbyCon Social Engineering CTF. A member of the Password Inspection Agency, he also won the TraceLabs OSINT Search Party at DEFCON 28, and recently authored the OSINT and OPSEC tools DECEPTICON Bot and WikiLeaker.