Social engineering penetration testing : (Record no. 538309)
000 -LEADER | |
---|---|
fixed length control field | 11625cam a2200469Ia 4500 |
001 - CONTROL NUMBER | |
control field | ocn878263510 |
003 - CONTROL NUMBER IDENTIFIER | |
control field | OCoLC |
005 - DATE AND TIME OF LATEST TRANSACTION | |
control field | 20180529115611.0 |
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION | |
fixed length control field | 140426s2014 ne ob 001 0 eng d |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 9780124201828 |
Qualifying information | (electronic bk.) |
020 ## - INTERNATIONAL STANDARD BOOK NUMBER | |
International Standard Book Number | 0124201822 |
Qualifying information | (electronic bk.) |
035 ## - SYSTEM CONTROL NUMBER | |
System control number | (OCoLC)878263510 |
040 ## - CATALOGING SOURCE | |
Original cataloging agency | DLC |
Language of cataloging | eng |
Transcribing agency | DLC |
Modifying agency | AU |
049 ## - LOCAL HOLDINGS (OCLC) | |
Holding library | Alfaisal Main Library |
050 #4 - LIBRARY OF CONGRESS CALL NUMBER | |
Classification number | HM668 |
Item number | .W38 2014eb |
100 1# - MAIN ENTRY--PERSONAL NAME | |
Personal name | Watson, Gavin, |
Dates associated with a name | 1982- |
245 10 - TITLE STATEMENT | |
Title | Social engineering penetration testing : |
Remainder of title | executing social engineering pen tests, assessments and defense / |
Statement of responsibility, etc | Gavin Watson, Andrew Mason, Richard Ackroyd. |
260 ## - PUBLICATION, DISTRIBUTION, ETC. (IMPRINT) | |
Place of publication, distribution, etc | Burlington : |
Name of publisher, distributor, etc | Elsevier Science, |
Date of publication, distribution, etc | 2014. |
264 ## - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE STATEMENTS | |
Date of production, publication, distribution, manufacture | 2014. |
300 ## - PHYSICAL DESCRIPTION | |
Extent | 1 online resource |
336 ## - CONTENT TYPE | |
Content Type Term | text |
Content Type Code | txt |
Source | rdacontent |
337 ## - MEDIA TYPE | |
Media Type Term | computer |
Media Type Code | c |
Source | rdamedia |
338 ## - CARRIER TYPE | |
Carrier Type Term | online resource |
Carrier Type Code | cr |
Source | rdacarrier |
520 ## - SUMMARY, ETC. | |
Summary, etc | Social engineering attacks target the weakest link in an organization's security-human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques-including email phishing, telephone pretexting, and physical vectors- can be used to elicit information or manipulate individuals into performing actions that. |
588 0# - | |
-- | Print version record. |
504 ## - BIBLIOGRAPHY, ETC. NOTE | |
Bibliography, etc | Includes bibliographical references and index. |
505 0# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Front Cover -- Social Engineering Penetration Testing -- Copyright Page -- Contents -- Foreword -- Acknowledgements -- About the Authors -- About the Technical Editor -- 1 An Introduction to Social Engineering -- Introduction -- Defining social engineering -- Examples from the movies -- Sneakers -- Hackers -- Matchstick Men -- Dirty Rotten Scoundrels -- The Imposter -- Famous social engineers -- Kevin Mitnick -- Frank Abagnale -- Badir brothers -- Chris Hadnagy -- Chris Nickerson -- Real-world attacks -- The RSA breach -- The Buckingham Palace breach -- The Financial Times breach -- The Microsoft XBox breach -- Operation Camion -- Summary -- 2 The Weak Link in the Business Security Chain -- Introduction -- Why personnel are the weakest link -- Secure data with vulnerable users -- The problem with privileges -- Data classifications and need to know -- Security, availability, and functionality -- Customer service mentality -- Poor management example -- Lack of awareness and training -- Weak security policies -- Weak procedures -- Summary -- 3 The Techniques of Manipulation -- Introduction -- Pretexting -- Impersonation -- Baiting -- Pressure and solution -- Leveraging authority -- Reverse social engineering -- Chain of authentication -- Gaining credibility -- From innocuous to sensitive -- Priming and loading -- Social proof -- Framing information -- Emotional states -- Selective attention -- Personality types and models -- Body language -- Summary -- 4 Short and Long Game Attack Strategies -- Introduction -- Short-term attack strategies -- Targeting the right areas -- Using the allotted time effectively -- Common short game scenarios -- Long-term attack strategies -- Expanding on initial reconnaissance -- Fake social media profiles -- Information elicitation -- Extended phishing attacks -- Gaining inside help -- Working at the target company. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Targeting partner companies -- Long-term surveillance -- Summary -- 5 The Social Engineering Engagement -- Introduction -- The business need for social engineering -- Compliance and security standards -- Payment Cards Industry Data Security Standard -- ISO/IEC 27000 information security series -- Human Resource Security, Domain 8 -- Physical and Environmental Security, Domain 9 -- Social engineering operational considerations and challenges -- Challenges for the social engineers -- Less mission impossible, more mission improbable -- Dealing with unrealistic time scales -- Dealing with unrealistic time frames -- Taking one for the team -- Name and shame -- Project management -- Challenges for the client -- Getting the right people -- Legislative considerations -- The Computer Misuse Act 1990 (UK)-http://www.legislation.gov.uk/ukpga/1990/18 -- Section 1-Unauthorized access to computer material -- Section 2-Unauthorized access with intent to commit or facilitate commission of further offenses -- Section 3-Unauthorized acts with intent to impair or with recklessness as to impairing, operation of computer, etc. -- The Police and Justice Act 2006 (UK)-http://www.legislation.gov.uk/ukpga/2006/48/contents -- Making, supplying, or obtaining articles for use in computer misuse offenses -- Regulation of Investigatory Powers Act 2000 (UK)-http://www.legislation.gov.uk/ukpga/2000/23/introduction -- The Human Rights Act 1998 (UK)-http://www.legislation.gov.uk/ukpga/1998/42/contents -- Right to respect for private and family life -- Computer Fraud and Abuse Act-United States -- Social engineering frameworks -- Pre-engagement interactions -- Intelligence gathering -- Threat modeling -- Exploitation -- Post exploitation -- Primary objective (exploitation) -- Secondary objectives (post exploitation) -- Reporting -- Assessment prerequisites -- Scoping documents. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Contact details -- Type of testing -- Scope limitations -- Get out of jail free -- Key deliverables -- The debrief -- Debrief key points -- The report -- Written report key points -- Social engineering team members and skill sets -- The generalist -- Key attribute(s) -- The ethical hacker -- Key attribute(s) -- The burner -- The social engineer -- Key attribute(s) -- The scout -- Key attribute(s) -- The thief -- Key attribute(s) -- Summary -- 6 Ensuring Value Through Effective Threat Modeling -- Introduction -- Why the need for threat modeling? -- Gain access to my underground bunker data center -- Consultant led threat modeling -- What? -- Why? -- Who? -- Where? -- How? -- What? -- Why? -- Who? -- Where? -- How? -- Plugging into the Information Assurance and Risk Management processes -- Gather information using open-source discovery of organizational information -- Perform reconnaissance and surveillance of targeted organizations -- Craft phishing attacks -- Craft spear phishing attacks -- Create counterfeit/spoof web site -- Deliver malware by providing removable media -- Exploit physical access of authorized staff to gain access to organizational facilities -- Conduct outsider-based social engineering to obtain information -- Conduct insider-based social engineering to obtain information -- Obtain information by opportunistically stealing or scavenging information systems/components -- Who would want to gain access to my business? -- State-sponsored/terrorist groups -- Organized crime groups -- Trouble causers, hobbyists, and lone gunmen -- Other players -- Summary -- 7 Creating Targeted Scenarios -- Introduction -- The components of a scenario -- Target identification -- Open-source reconnaissance -- Target profiling -- Physical reconnaissance -- Target engagement -- Pretext design mapping -- Planning for the unknown -- Scenario specific outcomes. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Cover stories -- Exit strategies -- Designing to fail -- Summary -- 8 Leveraging Open-Source Intelligence -- Introduction -- The corporate website -- Business purpose -- Partners, clients, vendors -- E-mail addresses -- Employee names -- Staff hierarchy -- Phone numbers -- Photos of employees and business locations -- Spidering -- Passive Spider -- Active spidering with OWASP Zed Attack Proxy -- Why is this information useful to a social engineer? -- Document metadata -- Strings -- FOCA-http://www.informatica64.com/foca.aspx -- Metagoofil -- Why document metadata is useful to social engineers -- Photographic metadata -- Exiftool-http://www.sno.phy.queensu.ca/~phil/exiftool/ -- Image Picker-a Firefox add-on-https://addons.mozilla.org/en-us/firefox/addon/image-picker/ -- Using Wget to download images from a site -- GeoSetter-http://www.geosetter.de/en/ -- Reverse image search engines -- Not so metadata -- PDFGrep-http://pdfgrep.sourceforge.net -- Document obfuscation -- The Way Back Machine-http://archive.org/web/web.php -- E-mail addresses -- Phishing attacks -- Password attacks -- Insider knowledge -- E-mail address conventions -- theharvester-https://code.google.com/p/theharvester/ -- FOCA -- Metagoofil -- Whois -- Sam Spade -- Jigsaw -- Recon-ng-https://bitbucket.org/LaNMaSteR53/recon-ng-also includes a handful of Jigsaw modules -- Social media -- LinkedIn -- Recon-ng-https://bitbucket.org/LaNMaSteR53/recon-ng -- Facebook -- Twitter -- Recon-ng -- DNS records -- Dnsrecon-https://github.com/darkoperator/dnsrecon-Twitter-@Carlos_Perez -- Subdomain brute forcing -- CeWL-http://www.digininja.org/projects/cewl.php -- Whois records -- Making use of the intel -- Summary -- 9 The E-mail Attack Vector -- Introduction -- An introduction to phishing attacks -- Why phishing attacks work -- The client-side attack -- Spear phishing versus trawling -- Trawling. |
505 8# - FORMATTED CONTENTS NOTE | |
Formatted contents note | Spear phishing -- Real-world phishing examples -- American Express-drive-by-download -- Dr. Atanasoff Gavin-advance fee fraud -- Apple ID scam-credential harvesting -- Nobody falls for this one. Nobody. Ever. -- Active e-mail reconnaissance -- Nondelivery reports -- Out-of-office responses -- The nonexistent meeting -- Impersonating the absent staff member -- Creating plausible e-mail scenarios -- Work experience placements -- Weaponizing the scenario -- The college project -- Weaponizing the scenario -- The recruitment consultant -- Salesperson -- Defending against phishing attacks -- Technological approaches -- Spam and antivirus products at the gateway, mail server, and the endpoint or client machine -- Host based intrusion preventions or "HIPS" products, and network based intrusion prevention systems -- Client application patching -- Outbound content filtering-firewalls and proxies -- Human approaches -- Setting up your own attack -- Spoofed e-mails versus fake domain names -- The SET -- Spear phishing attack vector -- Does this approach really work? -- Malicious Java applets -- Using cloned web sites to harvest credentials -- Is all of this really social engineering? -- Summary -- 10 The Telephone Attack Vector -- Introduction -- Real-world examples -- Kevin Mitnick -- Card cancelation scams -- Environmental sounds -- The issues with caller ID -- Caller ID spoofing -- Phone system hacks -- Is the contact database up to date? -- Transferring caller ID -- How to figure out if your caller ID shows up -- Summing it up -- Building on the e-mail attack -- Please contact Sarah in my absence -- Who ya gonna call? -- Job enquiries -- Sales calls -- Surveys -- Impersonating staff members -- The help desk -- Employee numbers -- Obtaining key information and access -- Credentials and e-mail access -- Physical access -- The physical access zero day. |
590 ## - LOCAL NOTE (RLIN) | |
Local note | Elsevier |
Provenance (VM) [OBSOLETE] | ScienceDirect All Books |
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Social engineering. |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | SOCIAL SCIENCE |
General subdivision | General. |
Source of heading or term | bisacsh |
650 #7 - SUBJECT ADDED ENTRY--TOPICAL TERM | |
Topical term or geographic name as entry element | Social engineering. |
Source of heading or term | fast |
-- | (OCoLC)fst01122444 |
655 #7 - INDEX TERM--GENRE/FORM | |
Genre/form data or focus term | Electronic books. |
Source of term | local |
700 1# - ADDED ENTRY--PERSONAL NAME | |
Personal name | Mason, Andrew. |
700 1# - ADDED ENTRY--PERSONAL NAME | |
Personal name | Ackroyd, Richard. |
710 2# - ADDED ENTRY--CORPORATE NAME | |
Corporate name or jurisdiction name as entry element | ScienceDirect eBooks. |
776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
Display text | Print version: |
Main entry heading | Watson, Gavin. |
Title | Social engineering penetration testing. |
Place, publisher, and date of publication | Burlington : Elsevier Science, 2014 |
International Standard Book Number | 9780124201828 |
856 40 - ELECTRONIC LOCATION AND ACCESS | |
Uniform Resource Identifier | http://ezproxy.alfaisal.edu/login?url=https://www.sciencedirect.com/science/book/9780124201248 |
942 ## - ADDED ENTRY ELEMENTS (KOHA) | |
Source of classification or shelving scheme | Library of Congress Classification |
Koha item type | eBooks |