Christopher Hadnagy
Autor(a) de Social Engineering: The Art of Human Hacking
About the Author
Christopher Hadnagy is the CEO and Chief Human Hacker of Social-Engineer, LLC as well as the lead developer and creator of the world's first social engineering framework found at social-engineer.org. He is the founder and creator of the Social Engineering Village (SEVillage) at DEF CON and mostrar mais DerbyCon, as well as the creator of the popular Social Engineering Capture the Flag (SECTF) He is a sought-after speaker and trainer and even has debriefed the Pentagon on these topics. He can be found tweeting at @humanhacker. mostrar menos
Obras de Christopher Hadnagy
Etiquetado
Conhecimento Comum
- Sexo
- male
- Pequena biografia
- Chris Hadnagy, aka loganWHD, is the President and CEO of Social-Engineer, Inc. He specializes in understanding the ways in which malicious attackers are able to exploit human weaknesses to obtain access to information and resources through manipulation and deceit. He has been in security and technology for over 16 years.
Chris is a graduate of Dr. Paul Ekman’s courses in Microexpressions, having passed the certifcation requirements with an “Expert Level” grade. He also has significant experience in training and educating students in non-verbal communications. He also hold certifications as an Offensive Security Certified Professional (OSCP) and an Offensive Security Wireless Professional (OSWP).
Chris has written a number of artices for local, national, and international publications and journals to include Pentest Mag, EthicalHacker.net, and local and national Business Journals. In addition, he is the author of the best-selling book, Social Engineering: The Art of Human Hacking.
Chris has developed one of the web’s most successful security podcasts. The Social-Engineer.Org Podcast spends time each month analyzing an individual who must use influence and persuasion in their daily lives. By dissecting their choices and actions, we can learn to enhance our abilities. That same analysis applies to the equally-popular SEORG Newsletter. Over the years, both have become a staple in most serious security practices and are used by Fortune 500 companies around the world to educate their staff.
Finally, Chris has launched a line of professional social engineering training and penetration testing services at Social-Engineer.Com. His goal is to assist companies in remaining secure by educating them on the methods used by maliious attackers. He accomplishes this by analyzing, studying, dissecting, then performing the very same attacks used during some of the most recent incidents (i.e. Sony, HB Gary, LockHeed Martin, etc), Chris is able to help companies understand their vulnerabilites, mitigate issues, and maintain appropriate levels of education and security.
Membros
Resenhas
Human Hacking: Win Friends, Influence People, and… de Christopher Hadnagy
This was a disappointing read. I picked up this book on the recommendation of a security expert, hoping to learn more about social engineering methods and read fascinating examples of such methods being applied in real life. The subtitle should have warned me that instead, this reads like yet another self-help book, full of overly simplistic advice (Be determined! Make people like you!) drowned in endlessly repeated weak anecdotes. I only endured through the first two chapters before giving up.
½
This book is far from perfect, but it is the best book I’ve found on how-to social engineering as an overall field vs either a bunch of case studies or narrow guides to specific techniques. The biggest problem was using the same set of examples to illustrate multiple ostensibly distinct techniques — admittedly a lot of the distinctions were arbitrary to begin with — and the structure of the book wasn’t as clear as it could be. However, this book (and the author’s other resources on the Internet) are great resources for interested individuals, non-SE security people, or administrators.… (mais)
This is a pretty good white-hat breakdown of techniques that exploit the more psychological aspects of hacking.
Indeed, while it does go into some really decent detail focusing on awareness of methods, it really shines in highlighting how one might go into business as an Auditor, themselves.
All in all, it is the modern confidence game. You've got thieves and thief-takers. You've got an amazing variety of people out there that simply don't take enough precautions and then you've got others that aren't paying close enough attention to the RIGHT kind of precautions.
Can you imagine having a multi-million dollar security system, teams of devoted security analysts, a fort-knox door, good key cards, and an excellent magnetic lock... all foiled by waving a t-shirt? Or because you helped a secretary out by warning her of her bad-mood boss... or by being an all-right guy helping you out of a jam?
But these kinds of things happen all the time. We've all heard of fishing. We know not to open untrusted pdf files. We know that we need to keep our software updated and relatively better protected from old exploits. RIGHT? Well, apparently not. Social creatures do as social creatures do. People who help you out of jams or mirror your expressions or appear out of nowhere with official-sounding titles and excellent business cards are always... TRUSTED. Someone with a CFO title demands that you do something or lose your job. What do you do?
The thing is, most businesses set themselves up for this kind of chicanery. If you instill respect and/or fear in your employees, don't be surprised when someone from the outside exploits the natural human reactions that come with being mistreated and/or indoctrinated. Being free to ask questions and verify credentials should be encouraged... even when an angry CFO keeps threatening an employee. (Real or not real, the terms of engagement ought to be the same.)
Alas. There's a lot more like this in the book and it's all pretty fascinating. It helps to be a genuine people person if you get into this line of work, but there are lots of different kinds of techniques. The point is to have a well-rounded toolbox and display confidence. Because you're a white-hat... right?… (mais)
Indeed, while it does go into some really decent detail focusing on awareness of methods, it really shines in highlighting how one might go into business as an Auditor, themselves.
All in all, it is the modern confidence game. You've got thieves and thief-takers. You've got an amazing variety of people out there that simply don't take enough precautions and then you've got others that aren't paying close enough attention to the RIGHT kind of precautions.
Can you imagine having a multi-million dollar security system, teams of devoted security analysts, a fort-knox door, good key cards, and an excellent magnetic lock... all foiled by waving a t-shirt? Or because you helped a secretary out by warning her of her bad-mood boss... or by being an all-right guy helping you out of a jam?
But these kinds of things happen all the time. We've all heard of fishing. We know not to open untrusted pdf files. We know that we need to keep our software updated and relatively better protected from old exploits. RIGHT? Well, apparently not. Social creatures do as social creatures do. People who help you out of jams or mirror your expressions or appear out of nowhere with official-sounding titles and excellent business cards are always... TRUSTED. Someone with a CFO title demands that you do something or lose your job. What do you do?
The thing is, most businesses set themselves up for this kind of chicanery. If you instill respect and/or fear in your employees, don't be surprised when someone from the outside exploits the natural human reactions that come with being mistreated and/or indoctrinated. Being free to ask questions and verify credentials should be encouraged... even when an angry CFO keeps threatening an employee. (Real or not real, the terms of engagement ought to be the same.)
Alas. There's a lot more like this in the book and it's all pretty fascinating. It helps to be a genuine people person if you get into this line of work, but there are lots of different kinds of techniques. The point is to have a well-rounded toolbox and display confidence. Because you're a white-hat... right?… (mais)
1 
bradleyhorner | outras 5 resenhas | Jun 1, 2020 |
bradleyhorner | outras 5 resenhas | Jun 1, 2020 | There is some good info in here, but it really wasn't worth slogging through the copy and paste information from various fields, poor writing, and cheesy dialogue. Might be a good intro to social engineering if you know nothing on the subject, but as for practical uses you're better off getting your information elsewhere.
Listas
You May Also Like
Associated Authors
Estatísticas
- Obras
- 8
- Membros
- 571
- Popularidade
- #43,841
- Avaliação
- 3.6
- Resenhas
- 8
- ISBNs
- 34
- Idiomas
- 2