Social Engineering Penetration Testing: Executing Social Engineering Pen Tests, Assessments and Defense (Paperback)

Gavin Watson, Andrew Mason, Richard Ackroyd

  • 出版商: Syngress Media
  • 出版日期: 2014-04-25
  • 定價: $1,750
  • 售價: 8.5$1,488
  • 語言: 英文
  • 頁數: 390
  • 裝訂: Paperback
  • ISBN: 0124201245
  • ISBN-13: 9780124201248
  • 相關分類: Penetration-test駭客 Hack
  • 立即出貨 (庫存 < 3)

買這商品的人也買了...

相關主題

商品描述

Social engineering attacks target the weakest link in an organization's security-human beings. Everyone knows these attacks are effective, and everyone knows they are on the rise. Now, Social Engineering Penetration Testing gives you the practical methodology and everything you need to plan and execute a social engineering penetration test and assessment. You will gain fascinating insights into how social engineering techniques-including email phishing, telephone pretexting, and physical vectors- can be used to elicit information or manipulate individuals into performing actions that may aid in an attack. Using the book's easy-to-understand models and examples, you will have a much better understanding of how best to defend against these attacks.

The authors of Social Engineering Penetration Testing show you hands-on techniques they have used at RandomStorm to provide clients with valuable results that make a real difference to the security of their businesses. You will learn about the differences between social engineering pen tests lasting anywhere from a few days to several months. The book shows you how to use widely available open-source tools to conduct your pen tests, then walks you through the practical steps to improve defense measures in response to test results.

  • Understand how to plan and execute an effective social engineering assessment
  • Learn how to configure and use the open-source tools available for the social engineer
  • Identify parts of an assessment that will most benefit time-critical engagements
  • Learn how to design target scenarios, create plausible attack situations, and support various attack vectors with technology
  • Create an assessment report, then improve defense measures in response to test results

商品描述(中文翻譯)

社交工程攻擊針對組織安全的最薄弱環節-人類。每個人都知道這些攻擊是有效的,也知道它們正在增加。現在,《社交工程滲透測試》為您提供了實用的方法論和一切您需要計劃和執行社交工程滲透測試和評估所需的工具。您將深入了解社交工程技術,包括電子郵件釣魚、電話偽裝和物理攻擊等,如何用於獲取信息或操縱個人以進行攻擊。通過本書易於理解的模型和示例,您將更好地了解如何最好地防禦這些攻擊。

《社交工程滲透測試》的作者們展示了他們在RandomStorm使用的實用技術,為客戶提供有價值的結果,真正改變了他們企業的安全性。您將了解社交工程滲透測試從幾天到幾個月的不同之處。本書向您展示如何使用廣泛可用的開源工具進行滲透測試,然後引導您進行實際步驟,以改進測試結果所需的防禦措施。

- 瞭解如何計劃和執行有效的社交工程評估
- 學習如何配置和使用社交工程師可用的開源工具
- 確定評估中最有利於時間緊迫的任務的部分
- 學習如何設計目標場景,創建可信的攻擊情境,並使用技術支持各種攻擊向量
- 創建評估報告,然後根據測試結果改進防禦措施