Table of Contents
- Online Courses
- Capture the Flag
- Psychology Books
- Cybrary - Social Engineering and Manipulation - Free Course
Capture the Flag
Social-Engineer.com - The SECTF, DEFCON
Most of these books cover the basics of psychology useful for a social engineer.
- What Every Body is Saying: An Ex-FBI Agent's Guide to Speed-Reading People - Joe Navarro, Marvin Karlins
Social Engineering Books
- Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails - Christopher Hadnagy, Michele Fincher, Robin Dreeke
- Low Tech Hacking: Street Smarts for Security Professionals - Jack Wiles, Terry Gudaitis, Jennifer Jabbusch, Russ Rogers
- Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin D. Mitnick, William L. Simon, Steve Wozniak
- The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data - Kevin Mitnick, Robert Vamosi
Social Engineer resources
- The Social-Engineer portal - Everything you need to know as a social engineer is on this site. You will find podcasts, resources, the framework, information about upcoming events, a blog, etc.
- Tor - Free software that enables online anonymity through onion routing
- SET - The Social-Engineer Toolkit from TrustedSec
- Gophish - Open-Source Phishing Framework
- King Phisher - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
- wifiphisher - Automated phishing attacks against Wi-Fi networks
- PhishingFrenzy - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
- Evilginx2 - MITM attack framework used for phishing credentials and session cookies from any Web service
- Lucy Phishing Server - Commercial tool for running security awareness training for employees, including custom phishing campaigns, malware attacks, etc. Includes many useful attack templates as well as training materials to raise security awareness.
- OWASP Presentation of Social Engineering - OWASP
- Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 23
- Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012
- Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word
- Robert Anderson - US Interrogation Techniques and Social Engineering
- Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing
- Chris Hadnagy - Social Engineering for Fun and Profit
- Chris Hadnagy - Decoding humans live - DerbyCon 2015
- This is how hackers hack you using simple social engineering
- The Limits of Social Engineering - MIT, Technology Review
- The 7 Best Social Engineering Attacks Ever - DarkReading
- Social Engineering: Compromising Users with an Office Document - Infosec Institute
- The Persuasion Reading List - Scott Adams' Blog
- How I Socially Engineer Myself Into High Security Facilities - Sophie Daniel
- Awesome OSINT - Awesome list of OSINT
- OSINT Framework - Collection of various OSINT tools broken out by category.
- Intel Techniques - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
- NetBootcamp OSINT Tools - A collection of OSINT links and custom Web interfaces to other services such as Facebook Graph Search and various paste sites.
- Automating OSINT blog - A blog about OSINT curated by Justin Seitz, the author of BHP.
- XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
- Intel Techniques Online Tools - Use the links to the left to access all of the custom search tools.
- Buscador - A Linux Virtual Machine that is pre-configured for online investigators
- Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
- theHarvester - E-mail, subdomain and people names harvester
- creepy - A geolocation OSINT tool
- exiftool.rb - A Ruby wrapper for exiftool, an open-source tool used to extract metadata from files.
- metagoofil - Metadata harvester
- Google Hacking Database - a database of Google dorks; can be used for recon
- Google-Dorks - Common Google dorks and others you probably don't know
- GooDork - Command-line Google dorking tool
- dork-cli - Command-line Google dork tool.
- Shodan - Shodan is the world's first search engine for Internet-connected devices
- recon-ng - A full-featured Web Reconnaissance framework written in Python
- github-dorks - CLI tool to scan GitHub repos/organizations for potential sensitive information leaks
- vcsmap - A plugin-based tool to scan public version control systems for sensitive information
- Spiderfoot - multi-source OSINT automation tool with a Web UI and report visualizations
- DataSploit - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
- snitch - information gathering via dorks
- Geotweet_GUI - Track geographical locations of tweets and then export to Google Maps.