
Social Engineering Books/Training


24 replies to this topic

#1 DanMc125

DanMc125

    Landlubber

  • Crew Member
  • 1 posts

Posted 20 January 2016 - 07:45 AM

I have noticed that social engineering is a big deal now. I understand that hackers and anyone trying to accomplish any objectives can use social engineering to get what they want without giving away their true intentions through the power of a simple conversation. I've also found that it's most commonly used for penetration testing.

 

My question is, where can I go or what books can I read in order to help add social engineering as part of my skill set? I looked at quite a few books on Amazon but was disappointed to see how poorly they did in the reviews. A lot of the books just talk about famous examples of social engineering and don't really tell what you need to know if you are looking to learn more about it.

 

Any suggestions?



#2 MightyP

MightyP

    Salty Dog

  • Crew Leader
  • 699 posts
  • Location: San Antonio

Posted 20 January 2016 - 09:08 AM

I've never seen a book on the shelf on how to deceive to gather information (whether through social engineering or any other process). There are a few out there to help you identify others who are trying to deceive you (Liespotting, What Every Body is Saying, etc), but that wasn't your question.



What I lack in knowledge & skill, I make up for with sarcasm & bad jokes.


#3 Fivesenenguy

Fivesenenguy

    Salty Dog

  • Crew Leader
  • 263 posts

Posted 20 January 2016 - 10:52 AM

So from what I know, "which is coming from relatives and people I know that work for some agencies which I will not name", you won't really find books out there to tell you how, but as MightyP said there are books out there to help you spot it. Therein "lies" the detail. If you can spot it then you inevitably will know how it works, and therefore put it into practice. But you also have to know that it wasn't called social engineering 10-15 years ago; it was called "trade craft", basically the art of gathering info, hiding in plain sight, penetrating a network, etc., without the other party knowing what is being done, even if the person is talking directly to you. Knowing the term before it was redefined will help with the search. Lol, ironically the name change is another way/form of "social engineering". There are tool kits available for the technology part of it.


  • MightyP and littleninja like this



#4 decepticon1

decepticon1

    Swabbie

  • Crew Member
  • 33 posts

Posted 21 January 2016 - 08:46 PM

Perhaps you might find useful information in the fields of public relations, marketing, advertising, etc. All involve using a specifically prepared message to surreptitiously elicit a specific behavior in the listener/audience. Many of the techniques are similar, regardless of whether you want them to make a purchase or whether you want them to offer up privileged information.


  • ducttapedave likes this

#5 littleninja

littleninja

    Salty Dog

  • Crew Leader
  • 140 posts
  • Location: Ohio

Posted 22 January 2016 - 05:22 AM

Building on what my brothers have shared - there's a reason no books of substance exist on the topic: it's an art, a mindset that can be crafted, but often is best employed by those with a nature for patience and strategy. Social Engineering does not require technology, but the advent of social media has created a 'fish in the barrel' set of opportunities in which to practice. Be mindful of your actions, as social engineering does NOT employ tactics that violate laws or invade privacy. Instead they use mindset and strategy to elicit information willingly (albeit many times unwittingly). What passes today for 'social engineering' is often just base level hacking, which requires little more than a Google search and reckless keyboard bravado. If you're going to add the skill set, do it according to the trade: learn, practice, build, master, repeat.

There are a few books to recommend to learn and build the mindset tools:

  • The Art of War - Sun Tzu
  • The Book of Five Rings - Miyamoto Musashi
  • Hagakure / Bushido - Tsunetomo Yamamoto 
  • A Classic Case of Deception - Antonio Mendez (story that the movie ARGO was based upon)
  • The 48 Laws of Power - Robert Greene
  • anything on the mind set of 'red teaming'

Anything that covers the practice of ninja / kunoichi, especially the latter, which were skilled in the art of hiding in the open, will also be of use.


  • MightyP and EMSWxSAR like this



#6 MightyP

MightyP

    Salty Dog

  • Crew Leader
  • 699 posts
  • Location: San Antonio

Posted 22 January 2016 - 08:30 AM

kunoichi

 

I learned a new word today... I also saw pictures of cartoon girls labeled kunoichi, who dressed in a way that seemed counter productive to "hiding in the open" or "being seen but not noticed". I'll have to let my wife know she's doing it wrong. :D


  • EMSWxSAR, Fivesenenguy, mysteriousjl and 2 others like this



#7 littleninja

littleninja

    Salty Dog

  • Crew Leader
  • 140 posts
  • Location: Ohio

Posted 22 January 2016 - 01:07 PM

I learned a new word today... I also saw pictures of cartoon girls labeled kunoichi, who dressed in a way that seemed counter productive to "hiding in the open" or "being seen but not noticed". I'll have to let my wife know she's doing it wrong. :D

 

Haaaa!! :slap:   Perhaps anime and cartoons were not the intended reference, and why am I suddenly thinking unstealthiest ninja?


  • MightyP and EMSWxSAR like this



#8 MightyP

MightyP

    Salty Dog

  • Crew Leader
  • 699 posts
  • Location: San Antonio

Posted 22 January 2016 - 05:10 PM

Haaaa!! :slap:   Perhaps anime and cartoons were not the intended reference, and why am I suddenly thinking unstealthiest ninja?

 

rofl  The top suggested pictures would all make great unstealthiest ninja cartoons. 

 

And, in my defense (because I don't want to be associated with anime), I really did just do a Google search for "kunoichi". I can't help it that the most popular kunoichi are scantily dressed, cartoon, young women. This does, however, give me a chance to use one of my favorite websites, "Here, Let Me Google That For You", for my defense.  Kunoichi Search


  • EMSWxSAR and littleninja like this



#9 Fivesenenguy

Fivesenenguy

    Salty Dog

  • Crew Leader
  • 263 posts

Posted 22 January 2016 - 09:05 PM

Lol this is rich, poor guy got more than he bargained for.
  • littleninja likes this



#10 DeathwatchDoc

DeathwatchDoc

    Salty Dog

  • Moderator
  • 1,936 posts
  • Location: Alabama

Posted 22 January 2016 - 09:13 PM

Art of Deception by Kevin Mitnick

 

http://www.amazon.co...y/dp/076454280X


  • littleninja, FarmBoy and typecookie like this



#11 littleninja

littleninja

    Salty Dog

  • Crew Leader
  • 140 posts
  • Location: Ohio

Posted 23 January 2016 - 01:21 AM

This does, however, give me a chance to use one of my favorite websites, "Here, Let Me Google That For You", for my defense.  Kunoichi Search

 

Damn you - I'm over here wheezing and coughing up lung cookies I'm laughing so hard. rofl  

 

 Try looking up Tomoe Gozen or Keiko Fukuda - waaay better examples. Unless you get more of that anime smut stuff..... geez Google, what the hell.


  • EMSWxSAR likes this



#12 Hidyn

Hidyn

    Mate

  • Crew Leader
  • 85 posts
  • Location: Canada

Posted 26 January 2016 - 07:36 PM

I've been following social engineering since high school. If you guys want an off the shelf book with instructions and explanations, the very best book is still Dale Carnegie's "How to Win Friends and Influence People".

The material is still very much valid, and will keep you busy for a long time practicing the skills. After that, if you're interested in going farther, you'll know more specifics about what to ask.

Good luck! :)
  • Fivesenenguy, ducttapedave and ArkansasFan like this

#13 redsol1

redsol1

    Salty Dog

  • Crew Leader
  • 480 posts
  • Location: Shenandoa Valley Virginia

Posted 28 January 2016 - 07:01 PM

Among Enemies: Counter-Espionage for the Business Traveler - Luke Bencie

http://www.amazon.co...rds=luke bencie

la'
  • Fivesenenguy likes this
Step 1: Unfuck your gear Step 2: Unfuck your buddy Step 3: Unfuck yourself In that order.
— 3 Steps to Being a Team Player (Via Redteams.net)

#14 FarmBoy

FarmBoy

    Landlubber

  • Crew Member
  • 11 posts

Posted 16 February 2016 - 02:14 PM

The key to this is to first study your target and understand their daily process and schedule, then determine where the security is weakest or where you can leverage a human deficiency such as "default trust" for maintenance men, utility workers, repair guys. A guy delivering a large "Happy Retirement" sheet cake approaching a smokers' rear door will ALWAYS gain physical access. Learning to ask the right questions or phishing not only in email form but verbally with your target. Don't get greedy; you don't want to find the "diamond" in the first day. Dig for coal every day until you find a piece of information that will help you open the map to where the diamond can be found.

Humans are notoriously trustworthy of the above mentioned types but they are also inept when it comes to being under deadline crunches.  They will circumvent all security protocols and procedures when they become pressured with time or stress.
 


  • littleninja likes this

#15 headrusch

headrusch

    Swabbie

  • Crew Member
  • 38 posts
  • Location: Georgia

Posted 24 February 2016 - 08:32 PM

social-engineering.org



#16 redsol1

redsol1

    Salty Dog

  • Crew Leader
  • 480 posts
  • Location: Shenandoa Valley Virginia

Posted 24 February 2016 - 08:36 PM

My dad always used to tell me "the first trick in getting away with something is looking like you're supposed to be there"

 

La'


  • CalicoJack and littleninja like this

#17 stoddy9311

stoddy9311

    Salty Dog

  • Crew Member
  • 219 posts
  • Location: Alberta Canada

Posted 18 March 2016 - 09:41 PM

Plato - Republic (anything by Plato really... Meno, Phaedo)

Marcus Aurelius - Meditations

Sun Tzu - The Art of War.
  • ArkansasFan likes this

#18 Psybain

Psybain

    Salty Dog

  • Crew Leader
  • 1,674 posts
  • Location: SE AZ

Posted 19 March 2016 - 12:27 AM

My dad always used to tell me "the first trick in getting away with something is looking like you're supposed to be there"

La'


I've used that tactic a number of times during work just to keep mouthbreather lcpls at bay when going to other shops.

As Seen on: M4Carbine.net, GlockTalk, and NCGO.
 


#19 ducttapedave

ducttapedave

    Salty Dog

  • Crew Leader
  • 247 posts
  • Location: Saskatchewan

Posted 22 March 2016 - 09:55 AM

I think the comment about marketing and networking hits the nail on the head. Social Engineering is what most business is about. If you look back into the history of hacking, which is where the term is coined from, that's the mindset and skillset they were using. It's the same old game of the confidence man selling snake oil in a bottle and convincing the public that it's something else. Books about acting would be just as at home here. 

 

I did come across a book by Chris Hadnagy called "Social Engineering: the Art of Human Hacking". From a quick perusal it looks good. But far easier, and available at your local library, free of charge would be the above "How to Win Friends and Influence People" and that ilk. It's all the same thing, with perhaps, slightly different end goals. 


  • littleninja likes this

#20 headrusch

headrusch

    Swabbie

  • Crew Member
  • 38 posts
  • Location: Georgia

Posted 23 April 2016 - 06:16 AM

Forward Observer offers a class called Team Security and Vetting. The instructor goes over building rapport, conversation art, and a way to elicit information out of someone where they don't know about it.

Great course too if you're into counterintelligence methods or implementing any type of intelligence into your training.
  • littleninja likes this



