Blue Teams Next Tool: Social Engineering (Psychology and Sociology at Work) – References

This weekend I had the privilege to present at bsidesdc.org on the subject of Social Engineering techniques for use in driving positive security outcomes.  At the end of the presentation there were several great questions and a slide of reference materials I’ve studied related to the concepts I was presenting in the class.  Though I’m still settling back down after the conference, I did want to post the final slide from my deck (and my comments on the references) for others to follow up on if interested.  You can find the recording of the presentation and Question/Answer section here.  They were great questions which I think really helped add to the topic.

So here is the slide and my comments on the references (links to PDF version):

For the first two book references I called out particular chapters I thought were especially relevant to “Blue Team” security influencing.  But, both books are a great read in whole.

  • The Art of Deception
    • This is a great collection of stories style book regarding Social Engineering.  Provides an relatively easy read or less technical read that provides real world examples that then walks through the techniques and tricks used.
  • Social Engineering: The Art of Human Hacking
    • WARNING: A word about this Author.  After publishing this article information came out that Hadnagy behaved inappropriately and was banned from DefCon.  These skills should be used for good, not abuse.  If you do purchases this book, please find it used in your local used bookstore (plus you are supporting your local used bookstore!)
    • I would consider this a much more technical book, covers many of the same Psychology principles I discussed in great detail.  Additionally, it covers some very advanced techniques like recognizing micro-expressions that could also be potentially helpful to a Blue Team trying to read their audience.
    • There is a newer edition “Social Engineering: The Science of Human Hacking“, but I have not read that edition yet.
  • Quite: The Power of introverts in a World that Can’t Stop Talking
    • I read this primarily because of my interest in better understanding my own introverted ways originally.  I actually found that the discussion around the different ways introverts and extroverts process information, the ways they interact with individuals, and how they engage very helpful in understanding my own interactions with other introverts and extroverts.
  • Communication Theory – CMC in ODR
    • Bill Warters (Who I borrowed his great diagram of Communication Modeling from) has a great break down of commutation modeling process and examples.  This is a free online learning module of his.
  • Jek Hyde @HydeNS33K
    • Jek does a lot of great walk throughs of her on-site pen-testing (Social Engineering Engagements).  Well worth following here to see many of these techniques in practice.
  • Social Engineering for the Blue Team
    • Timothy De Block does a different talk on the same subject.  Great discussion on presentation and perceptions.

About D-Caf

I'm a computer geek, what more is there to say?
This entry was posted in David, Security, Technology. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *