Commencez à lire Social Engineering: The Art of Human Hacking sur votre Kindle dans moins d'une minute. Vous n'avez pas encore de Kindle ? Achetez-le ici Ou commencez à lire dès maintenant avec l'une de nos applications de lecture Kindle gratuites.

Envoyer sur votre Kindle ou un autre appareil

 
 
 

Essai gratuit

Découvrez gratuitement un extrait de ce titre

Envoyer sur votre Kindle ou un autre appareil

Tout le monde peut lire les livres Kindle, même sans un appareil Kindle, grâce à l'appli Kindle GRATUITE pour les smartphones, les tablettes et les ordinateurs.
Social Engineering: The Art of Human Hacking
 
Agrandissez cette image
 

Social Engineering: The Art of Human Hacking [Format Kindle]

Christopher Hadnagy , Paul Wilson
5.0 étoiles sur 5  Voir tous les commentaires (2 commentaires client)

Prix conseillé : EUR 28,84 De quoi s'agit-il ?
Prix éditeur - format imprimé : EUR 31,90
Prix Kindle : EUR 18,99 TTC & envoi gratuit via réseau sans fil par Amazon Whispernet
Économisez : EUR 12,91 (40%)

Formats

Prix Amazon Neuf à partir de Occasion à partir de
Format Kindle EUR 18,99  
Broché EUR 31,84  
MP3 CD EUR 7,72  
MP3 CD, Livre audio EUR 11,55  

Offre Éclair Kindle Abonnez-vous à la Newsletter Offre Éclair Kindle et recevez un ebook gratuit.

Assurez-vous d'avoir bien coché la case Offre Éclair Kindle, puis cliquez sur "Abonnez-vous" pour vous inscrire et recevoir votre code promotionnel.

-40%, -50%, -60%... Découvrez les Soldes Amazon jusqu'au 5 août 2014 inclus. Profitez-en !






Descriptions du produit

Présentation de l'éditeur

The first book to reveal and dissect the technical aspect of many social engineering maneuvers

From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unraveled the mystery in social engineering.

Kevin Mitnick—one of the most famous social engineers in the world—popularized the term “social engineering.” He explained that it is much easier to trick someone into revealing a password for a system than to exert the effort of hacking into the system. Mitnick claims that this social engineering tactic was the single-most effective method in his arsenal. This indispensable book examines a variety of maneuvers that are aimed at deceiving unsuspecting victims, while it also addresses ways to prevent social engineering threats.

  • Examines social engineering, the science of influencing a target to perform a desired task or divulge information
  • Arms you with invaluable information about the many methods of trickery that hackers use in order to gather information with the intent of executing identity theft, fraud, or gaining computer system access
  • Reveals vital steps for preventing social engineering threats

Social Engineering: The Art of Human Hacking does its part to prepare you against nefarious hackers—now you can do your part by putting to good use the critical information within its pages.

Quatrième de couverture

"Chris Hadnagy has penned the ultimate text on social engineering. Meticulously researched and teeming with practical applications, this brilliant book offers solutions to very real problems and ever–present dangers to your business — and even to yourself. Truly groundbreaking." — Kevin Hogan , author of The Science of Influence: How to Get Anyone to Say "Yes" in 8 Minutes or Less Discover the secrets of expert con men and human hackers No matter how sophisticated your security equipment and procedures may be, their most easily exploitable aspect is, and has always been, the human infrastructure. The skilled, malicious social engineer is a weapon, nearly impossible to defend against. This book covers, in detail, the world′s first framework for social engineering. It defines, explains, and dissects each principle, then illustrates it with true stories and case studies from masters such as Kevin Mitnick, renowned author of The Art of Deception. You will discover just what it takes to excel as a social engineer. Then you will know your enemy. Tour the Dark World of Social Engineering Learn the psychological principles employed by social engineers and how they′re used Discover persuasion secrets that social engineers know well See how the crafty crook takes advantage of cameras, GPS devices, and caller ID Find out what information is, unbelievably, available online Study real–world social engineering exploits step by step "Most malware and client–side attacks have a social engineering component to deceive the user into letting the bad guys in. You can patch technical vulnerabilities as they evolve, but there is no patch for stupidity, or rather gullibility. Chris will show you how it′s done by revealing the social engineering vectors used by today′s intruders. His book will help you gain better insight on how to recognize these types of attacks." — Kevin Mitnick , Author, Speaker, and Consultant

Détails sur le produit

  • Format : Format Kindle
  • Taille du fichier : 3773 KB
  • Nombre de pages de l'édition imprimée : 411 pages
  • Pagination - ISBN de l'édition imprimée de référence : 0470639539
  • Editeur : Wiley; Édition : 1 (29 novembre 2010)
  • Vendu par : Amazon Media EU S.à r.l.
  • Langue : Anglais
  • ASIN: B004EEOWH0
  • Synthèse vocale : Activée
  • X-Ray :
  • Moyenne des commentaires client : 5.0 étoiles sur 5  Voir tous les commentaires (2 commentaires client)
  • Classement des meilleures ventes d'Amazon: n°101.863 dans la Boutique Kindle (Voir le Top 100 dans la Boutique Kindle)
  •  Souhaitez-vous faire modifier les images ?


En savoir plus sur l'auteur

Découvrez des livres, informez-vous sur les écrivains, lisez des blogs d'auteurs et bien plus encore.

Commentaires en ligne 

4 étoiles
0
3 étoiles
0
2 étoiles
0
1 étoiles
0
5.0 étoiles sur 5
5.0 étoiles sur 5
Commentaires client les plus utiles
2 internautes sur 2 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Hacking People 25 mars 2013
Format:Broché|Achat vérifié
Un bon ouvrage sur l'ingénierie sociale ou l'art de manipuler les gens.
Le livre (en anglais) se veut bien structuré et simple dans son approche. Plus qu'un ensemble de "trucs et astuces", il présente les mécanismes sociologiques et psychologiques de la discipline à travers plusieurs chapitres (récupération d'informations, élicitation, techniques de communication non-verbale, etc.) ainsi que des cas d'études réelles (comme ceux de Kevin Mitnick).

Un ouvrage que je recommande pour comprendre les mécanismes de l'ingénierie sociale et prendre conscience que dans la chaine de l'infrastructure numérique, l'humain et son envie de collaborer sont [pratiquement] toujours les maillons faibles.
Avez-vous trouvé ce commentaire utile ?
1 internautes sur 1 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 Must read 4 juin 2013
Par Florent
Format:Broché|Achat vérifié
Ce n'est pas bêtement un enchaînement de scénarios comme j'ai pu dire danas "chaines d'exploits". Dans ce livre les différentes phases du social sont décrites avec beaucoup d'attention, puis des scénarios sont détaillées pour illustrer ces techniques. Ce qui est également sympa, ce sont les conseils pour éviter de se faire piéger.

Vraiment un bouquin à lire si rien que le sujet vous intéresse.
Avez-vous trouvé ce commentaire utile ?
Commentaires client les plus utiles sur Amazon.com (beta)
Amazon.com: 4.5 étoiles sur 5  102 commentaires
111 internautes sur 136 ont trouvé ce commentaire utile 
2.0 étoiles sur 5 Very broad, no depth 1 mai 2011
Par Brett A. Fishwild - Publié sur Amazon.com
Format:Broché|Achat vérifié
This book really isn't about computer safety, or about personal safety - it's just kind of all over. By page 40 I was skimming paragraphs, but page 100 I was skipping entire pages. This book is not written for people in the security field, nor is it really written for people who want to know more about their personal security. I think that if you know enough already to be aware of what social engineering is in the first place and have a decent understanding of personal computing safety - you already know what this book can give you. I would classify this book as a collegiate "survey 101" level textbook on communications - the book focuses on very general processes and only the last 60 pages discuss actual examples.

While deciding whether to buy this book or not, I joked with a friend that the fact that the first 28 people who reviewed it gave it 5 stars, was ITSELF an act of social engineering. I am not so sure that is a joke anymore. I've been buying books on Amazon for 12 some years now, and I don't think I've seen a book get that many fanatically raving reviews right off the bat. Looking back again at all those reviews, I guess perhaps if you know absolutely nothing at all about email scams and personal security, and happen to also be a CEO, then this book would be worth reading.

The foreword and first 10 pages talk about what will be in the book. This is a common format, but that's an awful lot of pages wasted on material that is literally repeated again later in the book. And then up front we see material on The Nigerian Scam. If you are a security professional or a CEO, or anyone really - and have fallen prey to this or don't know what it is, seriously, you've got bigger problems to deal with.

Perhaps that example is the crux of the matter - who exactly is the audience meant to be? The author really uses just one example, over and over, of him stalking a CEO at a bar. He learns a few things about the CEOs current life, including that he will be on vacation next week. The thief goes to the CEOs office when he knows he's gone, pretends he mixed up the date for an interview but wants to leave his resume for when the CEO returns. He hands the secretary a zip drive which has his document, which then also downloads malware onto the company's servers. Okay. While this is a valuable lesson on zip drives, do we need 50 pages of text to prove the point? And rather than focus on the inherent dangers of executable files (from media or emails/websites), the moral of this story focused on not ever talking to anyone in a bar. The author also spends most of the book on how to use SE (or basic thievery) against someone without any real solutions to the problems. For example, Chapter 7 talks about how to pick different kinds of locks - which has nothing to do with social engineering and I am not sure how someone uses that knowledge to protect them. Or how Doritos and FedEx hid symbols in their logos - this is SE sure, but what exactly will I do with this information?

Pages 55 to 100 are all about communicating. Unless you never learned in high school or freshman college that every message needs a sender and a receiver - you can skip this part of the book. If you want an exorbitant amount of detail on how people can intentionally act angry or surprised or sad, or can emphasize certain words all to elicit different responses from people - you can skip to page 181. Again, who is the audience here? Some parts of this chapter talk about how Homeland Security agents are trained to use these "tricks" to interrogate people. How many normal people are faced with dumpster diving, stalking, psychologically trained thieves trying to steal information from your company? And if you ARE faced with these problems -your needs are way beyond the scope of this book.

There are some good parts, like the section on microexpressions. The information on how people create their passwords was okay, though you can get those statistics almost anywhere. The search engine tools were interesting, though again that stuff is not social engineering and most computer savvy people likely know this material. The book was well edited, grammar and formatting, which is why I gave it the 2 stars.

Overall the three things I took from this book are: 1) shred your trash so dumpster divers can't find sensitive information; 2) don't use company email for non-business matters because SE's can use that information to create enticing emails with malware hidden in them; and 3) every time you put information onto anything - Facebook, hobby sites, fan clubs, even Amazon - there are many software packages out there that SE's can use to collect all that information and make profiles to use against you.
25 internautes sur 28 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 A real gem in the bookshelf 17 janvier 2011
Par Dave - Publié sur Amazon.com
Format:Broché|Achat vérifié
This book is one of the best books I read in regards to (IT) security. I do absolutely recommend this book to any pentester, security officer or person interested in this very interesting aspect of security. Performing penetration tests and security audits myself I try to especially implement SE in tests and audits since it is the best way to find issues and the human factor is neglected in most of the tests and reviews.

There was no book like this book before dealing with Social Engineering. At best SE has been mentioned in a book about security and only a couple pages were dedicated to it. But nowadays SE is becoming more and more important to keep in mind. The times when attackers and pentesters could exploit weaknesses in applications and services without the need of user interaction are mostly over. Usually the user has to open a malicious file for example a PDF file. This book explains how this can be achieved and also what to keep in mind when preparing an awareness training.

Reading this book will teach you how SE attacks are being performed, the background and underlying principles of them as well how to detect and mitigate them.

Chris explains everything in a very good and understandable way giving a lot of examples and infos on where to start with further research on the explained techniques (e.g. NLP, microexpressions...).

It is definately a must have.
62 internautes sur 75 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 The definitive book on social engineering 9 mars 2011
Par Ben Rothke - Publié sur Amazon.com
Format:Broché
One can sum up all of Social Engineering: The Art of Human Hacking in two sentences from page 297, where author Christopher Hadnagy writes "tools are an important aspect of social engineering, but they do not make the social engineer. A tool alone is useless; but the knowledge of how to leverage and utilize that tool is invaluable". Far too many people think that information security and data protection is simply about running tools, without understanding how to use them. In this tremendous book, Hadnagy shows how crucial the human element is within information security.

With that, Social Engineering: The Art of Human Hacking is a fascinating and engrossing book on an important topic. The author takes the reader on a vast journey of the many aspects of social engineering. Since social engineering is such a people oriented topic, a large part of the book is dedicated to sociological and psychological topics. This is an important area, as far too many technology books focus on the hardware and software elements, completely ignoring the people element. The social engineer can then use that gap to their advantage.

By the time that you start chapter 2 on page 23, it is abundantly clear that the author knows what he is talking about. This is in stark contrast with How To Become The Worlds No. 1 Hacker, where that author uses plagiarism to try to weave a tale of being the world's greatest security expert. Here, Hadnagy uses his real knowledge and experience to take the reader on a long and engaging ride on the subject. Coming in at 9 chapters and 360 pages, the author brings an encyclopedic knowledge and dishes it out in every chapter.

Two of the most popular books to date on social engineering to date have been Kevin Mitnick's The Art of Deception: Controlling the Human Element of Security and The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers. The difference between those books and Hadnagy, is that Mitnick for the most part details the events and stories around the attacks; while Hadnagy details the myriad specifics on how to carry out the social engineering attack.

The book digs deep and details how the social engineer needs to use a formal context for the attack, and breaks down the specific details and line-items on how to execute on that. That approach is much more suited to performing social engineering, than simply reading about social engineering.

Chapter 1 goes though the necessary introduction to the topic, with chapter 2 detailing the various aspects of information gathering. Once I started reading, it was hard to put the book down.

Social engineering is often misportrayed as the art of asking a question or two and then gaining root access. In chapter 3 on elicitation, the author details the reality of the requirements on how to carefully and cautiously elicit information from the target. Elicitation is not something for the social engineer alone, even the US Department of Homeland Security has a pamphlet that is uses to assist agents with elicitation.

After elicitation, chapter 4 details the art of pretexting, which is when an attacker creates an invented scenario to use to extract information from the victim.

Chapter 5 on mind tricks starts getting into the psychological element of social engineering. The author details topics such as micro expressions, modes of thinking, interrogation, neuro-linguistic programming and more.

Chapter 6 is on influence and the power of persuasion. The author notes that people are trained from a young age in nearly every culture to listen to and respect authority. When the social engineer takes on that role, it becomes a most powerful tool; far more powerful than any script or piece of software.

The author wisely waits until chapter 7 to discuss software tools used during a social engineering engagement. One of the author's favorite and most powerful tools is Maltego, which is an open source intelligence and forensics application. While the author concludes that it is the human element that is the most powerful, and that a great tool in the hand of a novice is worthless; the other side is that good tools (of which the author lists many), in the hands of an experienced social engineer, is an extremely powerful and often overwhelming combination.

Every chapter in the book is superb, but chapter 9 - Prevention and Mitigation stands out. After spending 338 pages about how to use social engineering; chapter 9 details the steps a firm must put in place to ensure they do not become a victim of a social engineering attack. The chapter lists the following six steps that must be executed upon:

* Learning to identify social engineering attacks
* Creating a personal security awareness program
* Creating awareness of the value of the information that is being sought by social engineers
* Keeping software updated
* Developing scripts
* Learning from social engineering audits

The author astutely notes that security awareness is not about 45- or 90-minute programs that only occur annually; rather it is about creating a culture and set of information security standards that each person in the organization is committed to using their entire life. This is definitely not a small undertaking. Firms must create awareness and security engineering programs to deal with the above six items. If they do not, they are them placing themselves at significant risk of being unable to effectively deal with social network attacks.

As to awareness, if nothing else, Social Engineering: The Art of Human Hacking demonstrates the importance of ensuring that social engineering is an integral part of an information security awareness program. This can't be underemphasized as even the definitive book on security awareness Managing an Information Security and Privacy Awareness and Training Program only has about 10 pages on social engineering attacks.

There are plenty of security books on hardware, software, certification and more. Those were perhaps the easy ones to write. Until now, very few have dealt with the human element, and the costs associated with ignoring that have been devastating. Social Engineering: The Art of Human Hacking is a book that is a long time in coming, but worth every page.

While seemingly geared to the information security staff, this is a book should be read by everyone, whether they are in technology or not. Social engineering is not something that just occurs behind a keyboard. Social attackers know that. It is about time everyone else did also.
26 internautes sur 31 ont trouvé ce commentaire utile 
5.0 étoiles sur 5 MUST READ for Security Professionals 10 janvier 2011
Par Ronald A. Woerner - Publié sur Amazon.com
Format:Broché
Finally, we have a book on hacking humans that contains details of psychology and human factors related to security. There is no other book like it. For that reason, it's a must read for all security professionals.
Humans are and always will be the weakest security link. PERIOD. Up to now, there hasn't been a comprehensive book on (1) how to orchestrate a Social Engineering campaign; (2) how to prevent a Social Engineer from breaching your defenses; and (3) psychological principals of how humans think and operate. This book has all three. It includes the details necessary to fully understand critical concepts for Social Engineering such as pretexting, elicitation, and influence, which provides a great framework on how to manipulate humans to take the actions you want. I've found that many computer security professionals aren't fluent in human factors. By reading this book, they will glean that knowledge.
BUT WAIT, THERE'S MORE, Chris also includes case studies to see the principles in action. These studies from Chris' experience as a professional Social Engineer round out this outstanding book.
Security professionals: If you read only one book in 2011, make it Social Engineering: The Art of Human Hacking by Chris Hadnagy.
4 internautes sur 4 ont trouvé ce commentaire utile 
4.0 étoiles sur 5 Excellent information for professionals and jaw dropping scenarios for any reader 6 octobre 2012
Par Corey P. Neskey - Publié sur Amazon.com
Format:Format Kindle|Achat vérifié
I suggest any professional read this work to get up to speed on the latest threats to their business. I also suggest this work to anyone who just wants to live a safer life by knowing what to look for in order to avoid being "socially engineered".

You may like this work if you enjoy: Sociology, Psychology, Philosophy, Sensation and Perception studies, street magic (entertainment)
Ces commentaires ont-ils été utiles ?   Dites-le-nous
Rechercher des commentaires
Rechercher uniquement parmi les commentaires portant sur ce produit

Passages les plus surlignés

 (Qu'est-ce que c'est ?)
&quote;
A website like www.googleguide.com/advanced_operators.html has a very nice list of both the operands and how to use them. &quote;
Marqué par 72 utilisateurs Kindle
&quote;
social engineering is the art or better yet, science, of skillfully maneuvering human beings to take action in some aspect of their lives. &quote;
Marqué par 68 utilisateurs Kindle
&quote;
social engineering is the act of manipulating a person to take an action that may or may not be in the targets best interest. &quote;
Marqué par 64 utilisateurs Kindle

Discussions entre clients

Le forum concernant ce produit
Discussion Réponses Message le plus récent
Pas de discussions pour l'instant

Posez des questions, partagez votre opinion, gagnez en compréhension
Démarrer une nouvelle discussion
Thème:
Première publication:
Aller s'identifier
 

Rechercher parmi les discussions des clients
Rechercher dans toutes les discussions Amazon
   


Les clients qui ont surligné cet ebook ont également surligné


Rechercher des articles similaires par rubrique