Hadnagy’s “Social Engineering: The Science of Human Hacking” (henceforth referred to as “the book”) was a vivid overview of social engineering that handled the topic with an abundance of examples and plenty of warning regarding social engineering’s potential for misuse in the wrong hands and with the wrong intentions.
The book was relatively easy to follow and had good structure, starting with an introduction to what social engineering even is, how one prepares for a social engineering attack, and then introduces various techniques related to social engineering with examples from Hadnagy’s own experiences as a professional social engineering penetration tester. This allowed for a good flow to the book and the variety of examples, of both successes and failures, gave a more thorough understanding of the described social engineering techniques than mere descriptions would have given.
What I didn’t particularly like was parts of the book’s formatting—thinking about it in hindsight it felt like an odd mixture of web and book formatting where at times there would be bordered boxes separated from the main text with a so called “FUN FACT” or other type of external reference, which I found distracting as they were more often than not unrelated to the main body of the text; it felt like an attempt to seem casual or prove they are knowledgeable.
In general, the book was very informative about the topic of social engineering and had references to other people’s (and Hadnagy’s own) work, which lent an extra level of credibility to the book. One of the main conclusions I took from the book is that social engineering is essentially a field that takes advantage of human psychology and of the way humans communicate and interact with each other. In this regard, while I find social engineering to be fascinating, I also think it an insidious field, a perversion of the best in humanity—the willingness to trust and help others. A field that must be practiced in order to better defend against those who would use it to do harm and sow chaos.
To sum up my thoughts on this book and social engineering itself: what a shame, that people do not have the luxury of being naïve.
- Stern Kittel
No comments:
Post a Comment