I have read “Social Engineering: The Art of Human Hacking” twice lately: the first time to get an overview of the book, and the second time to improve the techniques I tried to apply after my first reading.
My first reading was fast; I wanted to know what techniques Christopher Hadnagy (the author) was using. After the first chapter I thought, “This guy knows what he is talking about”. Chapter by chapter, the author describes techniques he used to fool people, ways to ask questions, situations, etc.
The first chapters introduce social engineering techniques, information gathering, etc. After these two introductory chapters, the author introduces the reader to elicitation techniques, pretexting techniques and scenarios, which in my opinion were very well defined and covered.
The book then covers facial expressions, sometimes a bit too fast in my opinion, then goes on to Neuro-Linguistic Programming (NLP). NLP was probably the most confusing part for me; however, Christopher covers it very well, introducing the psychological side of social engineering and thinking models. The book also details the power of persuasion as well as how social engineers should listen to their targets.
In one of the chapters Christopher also covers social engineering tools and software that can be used against targets; in my opinion this chapter wasn’t necessary to the book. I had already used all the tools Christopher mentioned, and I would definitely have preferred one more chapter about persuasion, or “how to question a suspect”.
The end of the book covers prevention, and how companies can prevent a social engineer from gathering data. This chapter covers six steps that should be taught to employees.
After this first reading I was already convinced that the book would be useful, and I began to practice the author’s techniques on random people to improve my skills: I tried to pay attention to micro-expressions while walking in the streets or while talking to people, I also tried some of the techniques on my friends, I tried to convince people, etc., and it worked pretty well. That is how I decided to read the book once again, while keeping in mind that the book had been written by a social engineer.
During my second reading, I noticed that Christopher uses repetition a lot in the book, a technique that Apple uses to convince people as well (did he want to convince us that his book was awesome?). Another small annoying problem is the non-shortened links present in the book when the author refers to his website or to YouTube.
My second reading helped me to understand Neuro-Linguistic Programming (NLP) a bit more, and I now had time to read a bit more about NLP besides the book; I could also apply some more techniques, and then refer back to the book to compare my results and improve my attempts.
I would say that the second reading was worth it; it helped me to improve the techniques I wasn’t “mastering”, as well as giving me a better understanding of some chapters covered in the book.
To conclude, I would say that I have read a few books on how to convince people and on social engineering, but this book is in my opinion the one which best covers the psychological part of social engineering. I can also say that the examples given in the book always made sense (which was not the case in all the books I read before). The author also pointed out very well the fact that to be “secure” you should be able to understand the techniques used by social engineers. This book might also help readers to have a better understanding of the people surrounding them, such as friends, family, and even children, since the book clearly points out the importance of “listening”. Finally, I sincerely recommend this book to penetration testers, social engineers, psychology students and everybody interested in security.