Executing Social Engineering Pen Tests, Assessments and Defense
By Gavin Watson, Andrew Mason, Richard Ackroyd
Publisher: Elsevier / Syngress
Final Release Date: April 2014
Social engineering attacks target the weakest link in an organization's security—human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques—including email phishing, telephone pretexting, and physical vectors— can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, you will have a much better understanding of how best to defend against these attacks.
The authors of Social Engineering Penetration Testing show you hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. You will learn about the differences between social engineering pen tests lasting anywhere from a few days to several months. The book shows you how to use widely available open-source tools to conduct your pen tests, then walks you through the practical steps to improve defense measures in response to test results.
Understand how to plan and execute an effective social engineering assessment
Learn how to configure and use the open-source tools available for the social engineer
Identify parts of an assessment that will most benefit time-critical engagements
Learn how to design target scenarios, create plausible attack situations, and support various attack vectors with technology
Create an assessment report, then improve defense measures in response to test results