Book Review: "Social Engineering"
"Social Engineering: The Art of Human Hacking" by Christopher Hadnagy is often considered the definitive study guide to social engineering. The book arms readers with a vast array of research and techniques aimed at influencing people in every day situations. Mr. Hadnagy also teaches several classes on the subject, which have all received very high praise, and founded the Social Engineers CTF at Defcon, the SECTF. That said, I purchased and read this book several years ago, but find myself constantly coming back to its teachings. At 416 pages, you can pick a copy of the book up from Amazon, anywhere from $3 - $20. This was Chris's first book, but since its amazing success within the industry, he has been encouraged to write two more books, to date. That said, I give the book 8 / 10 stars because it's a great technical guide for geeks to get into social reading and manipulation. I recommend the book to those into psychology, human interaction, non-verbal languages, penetration testers, and social engineers alike. There are some mixed reviews out there, but some of the bad ones seem to be people judging the act of social engineering itself, not the book on the subject. That said, this is one of the best books on the subject and this is coming from someone who has used these tricks in multiple, professional social engineering engagements, so my rating comes from the perspective of practical application. Like most of my reviews, the following is the major chapters and contents of the book:
Foreword
Preface and Acknowledgments
Chapter 1: A Look into the World of Social Engineering
Why This Book Is So ValuableOverview of Social Engineering
Summary
Chapter 2: Information Gathering
Gathering InformationSources for Information Gathering
Communication Modeling
The Power of Communication Models
Chapter 3: Elicitation
What Is Elicitation?The Goals of Elicitation
Mastering Elicitation
Summary
Chapter 4: Pretexting: How to Become Anyone
What Is Pretexting?The Principles and Planning Stages of Pretexting
Successful Pretexting
Summary
Chapter 5: Mind Tricks: Psychological Principles Used in Social Engineering
Modes of ThinkingMicroexpressions
Neurolinguistic Programming (NLP)
Interview and Interrogation
Building Instant Rapport
The Human Buffer Overflow
Summary
Chapter 6: Influence: The Power of Persuasion
The Five Fundamentals of Influence and PersuasionInfluence Tactics
Altering Reality: Framing
Manipulation: Controlling Your Target
Manipulation in Social Engineering
Summary
Chapter 7: The Tools of the Social Engineer
Physical ToolsOnline Information-Gathering Tools
Summary
Chapter 8: Case Studies: Dissecting the Social Engineer
Mitnick Case Study 1: Hacking the DMVMitnick Case Study 2: Hacking the Social Security Administration
Hadnagy Case Study 1: The Overconfident CEO
Hadnagy Case Study 2: The Theme Park Scandal
Top-Secret Case Study 1: Mission Not Impossible
Top-Secret Case Study 2: Social Engineering a Hacker
Why Case Studies Are Important
Summary
Chapter 9: Prevention and Mitigation
Learning to Identify Social Engineering AttacksCreating a Personal Security Awareness Culture
Being Aware of the Value of the Information You Are Being Asked For
Keeping Software Updated
Developing Scripts
Learning from Social Engineering Audits
Concluding Remarks
Summary
I found chapter 5 on NLP and reading body language to be massively influential, and it taught me several tricks that I use almost every day on a subconscious level. If I could recommend just one chapter out of this book, it would be chapter 5! I also recommend the text version of the story, because there are several images in the book that are critical to the examples, such as showing the facial expressions they are describing in chapter 5. The book also has other useful resources for hackers and social engineers other than just purly social, for example chapter 7 delves into OSINT gathering on the web and lock picking in meatspace. There are some other reviews out there that break the review down per chapter, I suggest reading them if you want more details on the techniques conveyed in each chapter. This is also a timely post, as it pulls several case studies from Kevin Mitnick's life, who's book we just covered earlier this month. Chris also runs a few websites dedicated to the art and book, like social-engineer.com and social-engineer.org. From those sites, Chris also developed The Social Engineer's Framework, which is an entire wiki / guide on psychology and social engineering!! The following is an interview with Chris H, which covers a bunch of the topics in the book, and is wildly educational in itself!