This weekend I had the privilege to present at bsidesdc.org on the subject of Social Engineering techniques for use in driving positive security outcomes.  At the end of the presentation there were several great questions and a slide of reference materials I’ve studied related to the concepts I was presenting in the class.  Though I’m still settling back down after the conference, I did want to post the final slide from my deck (and my comments on the references) for others to follow up on if interested.  A little later this week I’ll post up some of the questions I was asked at the end as best I can recall them, and my answers to those questions.  They were great questions which I think really helped add to the topic.

So here is the slide and my comments on the references (links to PDF version):

For the first two book references I called out particular chapters I thought were especially relevant to “Blue Team” security influencing.  But both books are a great read as a whole.

  • The Art of Deception
    • This is a great collection-of-stories style book regarding Social Engineering.  Provides a relatively easy or less technical read that provides real-world examples and then walks through the techniques and tricks used.
  • Social Engineering: The Art of Human Hacking
    • I would consider this the much more technical book; it covers many of the same Psychology principles I discussed in great detail.  Additionally, it covers some very advanced techniques like recognizing micro-expressions that could also be potentially helpful to a Blue Team trying to read their audience.
    • I would also go take a look at some of Chris Hadnagy’s Defcon talks on Social Engineering
    • There is a newer edition, “Social Engineering: The Science of Human Hacking”, but I have not read that edition yet.
  • Quiet: The Power of Introverts in a World That Can’t Stop Talking
    • I read this primarily because of my interest in better understanding my own introverted ways originally.  I actually found the discussion around the different ways introverts and extroverts process information, the ways they interact with individuals, and how they engage very helpful in understanding my own interactions with other introverts and extroverts.
  • Communication Theory – CMC in ODR
    • Bill Warters (whose great diagram of Communication Modeling I borrowed) has a great breakdown of the communication modeling process and examples.  This is a free online learning module of his.
  • Jek Hyde @HydeNS33K
    • Jek does a lot of great walkthroughs of her on-site pen-testing (Social Engineering Engagements).  Well worth following her to see many of these techniques in practice.
  • Social Engineering for the Blue Team
    • Timothy De Block does a different talk on the same subject.  Great discussion on presentation and perceptions.