Social Engineering Penetration Testing

1st Edition

Executing Social Engineering Pen Tests, Assessments and Defense

Print ISBN: 9780124201248
eBook ISBN: 9780124201828
Imprint: Syngress
Published Date: 25th April 2014
Page Count: 390
38.95 + applicable tax
30.99 + applicable tax
49.95 + applicable tax
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


Social engineering attacks target the weakest link in an organization's security—human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques—including email phishing, telephone pretexting, and physical vectors— can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, you will have a much better understanding of how best to defend against these attacks.

The authors of Social Engineering Penetration Testing show you hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. You will learn about the differences between social engineering pen tests lasting anywhere from a few days to several months. The book shows you how to use widely available open-source tools to conduct your pen tests, then walks you through the practical steps to improve defense measures in response to test results.

Key Features

  • Understand how to plan and execute an effective social engineering assessment
  • Learn how to configure and use the open-source tools available for the social engineer
  • Identify parts of an assessment that will most benefit time-critical engagements
  • Learn how to design target scenarios, create plausible attack situations, and support various attack vectors with technology
  • Create an assessment report, then improve defense measures in response to test results


Information security practitioners, information technology leaders, network administrators, computer system administrators, information security engineers, IT professionals, Information security managers, security analysts, and an academic audience among information security majors.

Table of Contents

  • Foreword
  • Acknowledgements
  • About the Authors
  • About the Technical Editor
  • Chapter 1. An Introduction to Social Engineering

    • Introduction
    • Defining social engineering
    • Examples from the movies
    • Famous social engineers
    • Real-world attacks
    • Summary
  • Chapter 2. The Weak Link in the Business Security Chain

    • Introduction
    • Why personnel are the weakest link
    • Summary
  • Chapter 3. The Techniques of Manipulation

    • Introduction
    • Pretexting
    • Impersonation
    • Baiting
    • Pressure and solution
    • Leveraging authority
    • Reverse social engineering
    • Chain of authentication
    • Gaining credibility
    • From innocuous to sensitive
    • Priming and loading
    • Social proof
    • Framing information
    • Emotional states
    • Selective attention
    • Personality types and models
    • Body language
    • Summary
  • Chapter 4. Short and Long Game Attack Strategies

    • Introduction
    • Short-term attack strategies
    • Long-term attack strategies
    • Summary
  • Chapter 5. The Social Engineering Engagement

    • Introduction
    • The business need for social engineering
    • Social engineering operational considerations and challenges
    • Challenges for the social engineers
    • Challenges for the client
    • Legislative considerations
    • Social engineering frameworks
    • Assessment prerequisites
    • Key deliverables
    • Social engineering team members and skill sets
    • Summary
  • Chapter 6. Ensuring Value Through Effective Threat Modeling

    • Introduction
    • Why the need for threat modeling?
    • Who would want to gain access to my business?
    • Summary
  • Chapter 7. Creating Targeted Scenarios


No. of pages:
© Syngress 2014
eBook ISBN:
Paperback ISBN:


" depends on technique here,...and that is the book’s main focus: the techniques of these con artists. This book goes beyond the art and that is what makes it a must-read." --Computing Reviews

"...will help you understand the many tricks and approaches to this most powerful of hacking processes. will enable you to integrate social engineering within the overall framework of your penetration testing services." -Network Security, Nov 2014