Tuesday, February 8, 2011

Review of "Social Engineering: The Art of Human Hacking"

“Social Engineering:  The Art of Human Hacking”, by Chris Hadnagy is arguably the best book of its kind.  Mitnick’s books were great reads and highly interesting; however, Chris went above and beyond telling a story and applied an amazing framework around the stories.  The framework implements somewhat of a scientific background to a multitude of techniques used by social engineers that allows for a whole new understanding of the inner workings of the topic.  The book is possibly the best insight one can gain on the dangers faced by security environments from these masters of manipulation. 

However, the book takes more of an objective look into the subject and can be appreciated from a wide variety of audiences; not just the security officers of a company.  Hadnagy’s discussion on communication, persuasion, and influence techniques and tactics can be enjoyed by anyone.  I found myself not enjoying this book as a security student trying to learn more about prevention and mitigation of a threat; but, enjoying it more as a learning experience on how I can use the topics discussed in the book to improve my communication ability.  I was able to use techniques in this book in a recent presentation and found that my communication effectiveness was greatly improved just by focusing on small details and choosing my wording better.  Chapters four, five, and six are great for these means; I found learning about micro-expressions and Neuro-Linguistic Programming particularly gripping.

If you are looking at getting this book for improving your security awareness and learning more about how to prevent yourself from these types of attacks, the book delivers these points as well.  The book provides several examples that allow you to analyze how these attacks are put into place and show you what to lookout for.  A look at a wide variety of tools social engineers can use in their attacks, by providing an overview of each tool and how they would be used.  Also, an entire chapter is dedicated on how to protect against these threats; and a plethora of tips are provided that Hadnagy has learned through his vast experience. 

I would recommend this book to anyone; as I mentioned, it can appeal to a wide audience and is a great purchase.

Interested in this topic?  Check out:

Website the author of the book is a part of, as are many other great folks.  Newsletter is great, as well as, the podcast.


Creator of Social Engineering Toolkit, Dave Kennedy's website.  Interesting Blog.