Sunday, May 24, 2020

Social Engineering: The Art of Human Hacking by Christopher Hadnagy
My rating: 4 of 5 stars

This is a pretty good white-hat breakdown of techniques that exploit the more psychological aspects of hacking.

Indeed, while it does go into some really decent detail focusing on awareness of methods, it really shines in highlighting how one might go into business as an auditor oneself.

All in all, it is the modern confidence game. You've got thieves and thief-takers. You've got an amazing variety of people out there that simply don't take enough precautions and then you've got others that aren't paying close enough attention to the RIGHT kind of precautions.

Can you imagine having a multi-million dollar security system, teams of devoted security analysts, a Fort Knox door, good key cards, and an excellent magnetic lock... all foiled by waving a t-shirt? Or because you helped a secretary out by warning her of her bad-mood boss... or by being an all-right guy helping you out of a jam?

But these kinds of things happen all the time. We've all heard of phishing. We know not to open untrusted PDF files. We know that we need to keep our software updated and relatively better protected from old exploits. RIGHT? Well, apparently not. Social creatures do as social creatures do. People who help you out of jams or mirror your expressions or appear out of nowhere with official-sounding titles and excellent business cards are always... TRUSTED. Someone with a CFO title demands that you do something or lose your job. What do you do?

The thing is, most businesses set themselves up for this kind of chicanery. If you instill respect and/or fear in your employees, don't be surprised when someone from the outside exploits the natural human reactions that come with being mistreated and/or indoctrinated. Being free to ask questions and verify credentials should be encouraged... even when an angry CFO keeps threatening an employee. (Real or not real, the terms of engagement ought to be the same.)

Alas. There's a lot more like this in the book and it's all pretty fascinating. It helps to be a genuine people person if you get into this line of work, but there are lots of different kinds of techniques. The point is to have a well-rounded toolbox and display confidence. Because you're a white-hat... right?
