Awesome-Mirrors/awesome-social-engineering
1
0
Fork 0
mirror of https://github.com/giuliacassara/awesome-social-engineering.git synced 2024-09-30 04:35:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
fdfe62a045
awesome-social-engineering/README.md
Giulia fdfe62a045 added links to Miscellaneous section
2017-05-14 18:10:34 +02:00

254 lines
21 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Awesome Social Engineering
===============
[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
A curated list of awesome social engineering resources, inspired by the awesome-* trend on GitHub, especially Awesome Infosec.
Those resources and tools are intended only for cybersecurity professional, penetration testers and educational use in a controlled environment.
Do not harm anyone! No humans were manipulated to make this list.
Table of Contents
=================
1. [Online Courses](#online-courses)
2. [Capture the Flag](#capture-the-flag)
3. [Psychology Resources](#psychology-resources)
4. [Social Engineering Books](#social-engineering-books)
5. [OSINT](#osint)
6. [Documentation](#documentation)
7. [Tools](#tools)
8. [Miscellaneus](#miscellaneous)
9. [Contribution](#contribution)
10. [License](#license)
Online Courses
=================
#### Social-Engineer.com - Social Engineering Training
If you are looking for a serious training with a certification path, then you should check the courses provided by Social-Engineer.com which are among the best social engineering courses available.
- [Social-Engineer.com - Social Engineering Training](https://www.social-engineer.com/social-engineering-training/)
#### IntelTechniques.com - Online OSINT Training Course
This online training is designed for individuals who would like to learn and understand cutting edge open source intelligence techniques without traveling to attend an event.
- [IntelTechniques.com - Online OSINT Training Course](https://inteltechniques.com/online.aspx)
#### Udemy - Learn Social Engineering from Scratch
Learn how to hack into secure systems like a real hacker & how to secure yourself from hackers. In this course, you will start as a beginner with no previous knowledge about penetration testing or hacking, you will start with the basics of social engineering, and by end of it you'll be able to hack into all major operating systems (windows, OS X and Linux), generate different types of trojans and deliver them using smart social engineering techniques.
- [Udemy - Learn Social Engineering from Scratch](https://www.udemy.com/learn-social-engineering-from-scratch)
#### Cybrary - Social Engineering and Manipulation
In this online, self-paced Social Engineering and Manipulation training class, you will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.
- [Cybrary - Social Engineering and Manipulation](https://www.cybrary.it/course/social-engineering/)
Capture the Flag
=================
#### Social-Engineer.com - The SECTF, DEFCON
From the site: "This truly unique event will challenge you and test your abilities to use social engineering skills to gather small amounts of data from unsuspecting companies over the phone. Each contestant will be assigned a target company. Each contestant will be provided with flags, a sample report and their call time. You will be given three weeks (STRICT, NO EXCEPTIONS) to work on your information gathering and reporting."
- [Social-Engineer.com - DEFCON SECTF](https://www.social-engineer.org/sevillage-def-con/the-sectf/)
Psychology Resources
=================
#### University of Toronto - Introduction to Psychology
As a social engineer you have to understand human psychology, so the more you know about psychology, the better. <br />
This course will highlight the most interesting experiments within the field of psychology, discussing the implications of those studies for our understanding of the human mind and human behavior. We will explore the brain and some of the cognitive abilities it supports like memory, learning, attention, perception and consciousness.
- [University of Toronto - Introduction to Psychology](https://www.coursera.org/learn/introduction-psych)
#### The University of Queensland - The Science of Everyday Thinking
You will explore the psychology of our everyday thinking: why people believe weird things, how we form and change our opinions, why our expectations skew our judgments, and how we can make better decisions.
This course will provide you tools for improving your everyday thinking, tips and tricks for changing peoples minds . Also, you'll be able to use techniques for learning and retaining information longer and how to distinguish fact from fiction.
- [University of Toronto - Introduction to Psychology](https://www.coursera.org/learn/introduction-psych)
#### Psychology Books
Most of these books covers the basics of psychology useful for a social engineer.
- [How to Win Friends and Influence People - Dale Carnegie](https://www.amazon.co.uk/d/Books/How-Win-Friends-Influence-People-Dale-Carnegie/0091906814/ref=sr_1_1?ie=UTF8&qid=1494621059&sr=8-1&keywords=how+to+win+friends+and+influence+people)
- [The 48 Laws of Power - Robert Greene](https://www.amazon.co.uk/d/Books/48-Laws-Power-Robert-Greene-Collection/1861972784/ref=sr_1_1?ie=UTF8&qid=1494621512&sr=8-1&keywords=the+48+laws+of+power)
- [The Psychology Book](https://www.amazon.co.uk/d/Books/Psychology-Book-Nigel-Benson/1405391243/ref=sr_1_1?ie=UTF8&qid=1494621589&sr=8-1&keywords=psychology)
- [The Power of Habit: Why We Do What We Do, and How to Change - Charles Duhigg](https://www.amazon.co.uk/Power-Habit-Why-What-Change/dp/1847946240/ref=sr_1_1?ie=UTF8&qid=1494621842&sr=8-1&keywords=the+power+of+habit)
- [Influence: The Psychology of Persuasion Paperback Robert B., PhD Cialdini](https://www.amazon.co.uk/d/cka/Influence-Psychology-Persuasion-Robert-B-PhD-Cialdini/006124189X/ref=sr_1_1?ie=UTF8&qid=1494621912&sr=8-1&keywords=influence)
- [Emotions Revealed: Understanding Faces and Feelings - Prof Paul Ekman](https://www.amazon.co.uk/Emotions-Revealed-Understanding-Faces-Feelings/dp/0753817659/ref=sr_1_1?ie=UTF8&qid=1494622003&sr=8-1&keywords=paul+ekman)
- [The Psychology of Interrogations and Confessions: A Handbook - Gisli H. Gudjonsson](https://www.amazon.co.uk/Psychology-Interrogations-Confessions-Handbook-Policing-x/dp/0470844612/ref=sr_1_1?s=books&ie=UTF8&qid=1494624501&sr=1-1&keywords=psychology+of+interrogation)
- [Mindfucking: A Critique of Mental Manipulation - Colin McGinn](https://www.goodreads.com/book/show/4049997-mindfucking)
- [What Every Body is Saying: An Ex-FBI Agent's Guide to Speed-Reading People - Joe Navarro, Marvin Karlins](https://www.goodreads.com/book/show/1173576.What_Every_Body_is_Saying)
Social Engineering Books
=================
#### Social Engineering: The Art of Human Hacking
The first book to reveal and dissect the technical aspect of many social engineering maneuvers
From elicitation, pretexting, influence and manipulation all aspects of social engineering are picked apart, discussed and explained by using real world examples, personal experience and the science behind them to unraveled the mystery in social engineering.
- [Social Engineering: The Art of Human Hacking - Chris Hadnagy](https://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?ie=UTF8&qid=1494622911&sr=8-1&keywords=chris+hadnagy)
#### Unmasking the Social Engineer: The Human Element of Security
Learn to identify the social engineer by non-verbal behavior Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior
- [Unmasking the Social Engineer: The Human Element of Security - Christopher Hadnagy, Dr. Ekman Paul](https://www.amazon.com/Unmasking-Social-Engineer-Element-Security/dp/1118608577)
#### Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails
Phishing Dark Waters addresses the growing and continuing scourge of phishing emails, and provides actionable defensive techniques and tools to help you steer clear of malicious emails. Phishing is analyzed from the viewpoint of human decisionmaking and the impact of deliberate influence and manipulation on the recipient. With expert guidance, this book provides insight into the financial, corporate espionage, nation state, and identity theft goals of the attackers, and teaches you how to spot a spoofed email or cloned website.
- [Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails - Christopher Hadnagy, Michele Fincher, Robin Dreeke ](https://www.amazon.co.uk/Phishing-Dark-Waters-Offensive-Defensive-x/dp/1118958470/ref=sr_1_fkmr0_1?ie=UTF8&qid=1494622911&sr=8-1-fkmr0&keywords=chris+hadnagy)
#### Social Engineering in IT Security: Tools, Tactics, and Techniques
Conduct ethical social engineering tests to identify an organization's susceptibility to attack. Written by a global expert on the topic, Social Engineering in IT Security discusses the roots and rise of social engineering and presents a proven methodology for planning a test, performing reconnaissance, developing scenarios, implementing the test, and accurately reporting the results. Specific measures you can take to defend against weaknesses a social engineer may exploit are discussed in detail. This practical guide also addresses the impact of new and emerging technologies on future trends in social engineering.
- [Social Engineering in IT Security: Tools, Tactics, and Techniques, Sharon Conheady](https://www.amazon.com/Social-Engineering-Security-Techniques-Networking/dp/0071818464)
#### No tech Hacking
As professional hackers, Johnny Long and Kevin Mitnick get paid to uncover weaknesses in those systems and exploit them. Whether breaking into buildings or slipping past industrial-grade firewalls, their goal has always been the same: extract the information using any means necessary. After hundreds of jobs, they have discovered the secrets to bypassing every conceivable high-tech security system. This book reveals those secrets; as the title suggests, it has nothing to do with high technology.
- [No Tech Hacking - Johnny Long, Kevin D. Mitnick](https://www.amazon.co.uk/No-Tech-Hacking-Engineering-Dumpster/dp/1597492159/ref=sr_1_1?ie=UTF8&qid=1494624109&sr=8-1&keywords=no+tech+hacking)
#### Low Tech Hacking
Low Tech Hacking teaches your students how to avoid and defend against some of the simplest and most common hacks. Criminals using hacking techniques can cost corporations, governments, and individuals millions of dollars each year. This book focuses on the everyday hacks that, while simple in nature, actually add up to the most significant losses.
- [Low Tech Hacking: Street Smarts for Security Professionals - Jack Wiles, Terry Gudaitis, Jennifer Jabbusch, Russ Rogers](https://www.amazon.it/Low-Tech-Hacking-Security-Professionals/dp/1597496650)
#### The Art of Deception: Controlling the Human Element of Security
Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programs, and manuals that address the human element of security.
- [The Art of Deception: Controlling the Human Element of Security, Kevin D. Mitnick, William L. Simon](https://www.amazon.co.uk/Art-Deception-Controlling-Element-Security/dp/076454280X/ref=pd_sim_14_1?_encoding=UTF8&psc=1&refRID=37KD2B6G2Q981MB8D2GM)
#### Ghost in the Wires: My Adventures as the World's Most Wanted Hacker
Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies, and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. Ghost in the Wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.
- [Ghost in the Wires: My Adventures as the World's Most Wanted Hacker - Kevin D. Mitnick, William L. Simon, Steve Wozniak](https://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037729/ref=sr_1_1?s=books&ie=UTF8&qid=1494769979&sr=1-1&keywords=ghost+in+the+wires)
#### The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge--and he teaches you "the art of invisibility." He provides both online and real life tactics and inexpensive methods to protect you and your family, in easy step-by-step instructions. He even talks about more advanced "elite" techniques, which, if used properly, can maximize your privacy. Invisibility isn't just for superheroes--privacy is a power you deserve and need in this modern age.
[The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data - Kevin Mitnick, Robert Vamosi](https://www.amazon.com/Art-Invisibility-Worlds-Teaches-Brother/dp/0316380520/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1494770268&sr=1-1)
#### The Social Engineer's Playbook: A Practical Guide to Pretexting
The Social Engineer's Playbook is a practical guide to pretexting and a collection of social engineering pretexts for Hackers, Social Engineers and Security Analysts. Build effective social engineering plans using the techniques, tools and expert guidance in this book.
- [The Social Engineer's Playbook: A Practical Guide to Pretexting - Jeremiah Talamantes](https://www.amazon.com/Social-Engineers-Playbook-Practical-Pretexting/dp/0692306617/ref=sr_1_1?s=books&ie=UTF8&qid=1494770673&sr=1-1&keywords=The+Social+Engineer%27s+Playbook%3A+A+Practical+Guide+to+Pretexting)
OSINT
=================
#### OSINT Resources
##### Some links are taken from [awesome-pentest](https://github.com/enaqx/awesome-pentest)
* [OSINT Framework](http://osintframework.com/) - Collection of various OSInt tools broken out by category.
* [Intel Techniques](https://inteltechniques.com/menu.html) - A collection of OSINT tools. Menu on the left can be used to navigate through the categories.
* [NetBootcamp OSINT Tools](http://netbootcamp.org/osinttools/) - A collection of OSINT links and custom Web interfaces to other services such as [Facebook Graph Search](http://netbootcamp.org/facebook.html) and [various paste sites](http://netbootcamp.org/pastesearch.html).
* [Automating OSINT blog](http://www.automatingosint.com/blog/) - A blog about OSINT curated by Justin Seitz, the same author of BHP.
#### OSINT Tools
* [Intel Techniques Online Tools](https://inteltechniques.com/menu.html) - Use the links to the left to access all of the custom search tools.
* [Buscador](https://inteltechniques.com/buscador/) - A Linux Virtual Machine that is pre-configured for online investigators
* [Maltego](http://www.paterva.com/web7/) - Proprietary software for open source intelligence and forensics, from Paterva.
* [theHarvester](https://github.com/laramies/theHarvester) - E-mail, subdomain and people names harvester
* [creepy](https://github.com/ilektrojohn/creepy) - A geolocation OSINT tool
* [exiftool.rb](https://github.com/mceachen/exiftool.rb) - A ruby wrapper of the exiftool, a open-source tool used to extract metadata from files.
* [metagoofil](https://github.com/laramies/metagoofil) - Metadata harvester
* [Google Hacking Database](https://www.exploit-db.com/google-hacking-database/) - a database of Google dorks; can be used for recon
* [Google-dorks](https://github.com/JohnTroony/Google-dorks) - Common google dorks and others you prolly don't know
* [GooDork](https://github.com/k3170makan/GooDork) - Command line go0gle dorking tool
* [dork-cli](https://github.com/jgor/dork-cli) - Command-line Google dork tool.
* [Shodan](https://www.shodan.io/) - Shodan is the world's first search engine for Internet-connected devices
* [recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) - A full-featured Web Reconnaissance framework written in Python
* [github-dorks](https://github.com/techgaun/github-dorks) - CLI tool to scan github repos/organizations for potential sensitive information leak
* [vcsmap](https://github.com/melvinsh/vcsmap) - A plugin-based tool to scan public version control systems for sensitive information
* [Spiderfoot](http://www.spiderfoot.net/) - multi-source OSINT automation tool with a Web UI and report visualizations
* [DataSploit](https://github.com/upgoingstar/datasploit) - OSINT visualizer utilizing Shodan, Censys, Clearbit, EmailHunter, FullContact, and Zoomeye behind the scenes.
* [snitch](https://github.com/Smaash/snitch) - information gathering via dorks
Documentation
=================
#### Social Engineer resources
* [The Social-Engineer portal](https://www.social-engineer.org/) - Everything you need to know as a social engineer is in this site. You will find podcasts, resources, framework, informations about next events, blog ecc...
Tools
=================
#### Useful tools
* [Tor](https://www.torproject.org/) - The free software for enabling onion routing online anonymity
* [SET](https://github.com/trustedsec/social-engineer-toolkit) - The Social-Engineer Toolkit from TrustedSec
#### Phishing tools
* [Gophich](https://getgophish.com/) - Open-Source Phishing Framework
* [King Phisher](https://github.com/securestate/king-phisher) - Phishing campaign toolkit used for creating and managing multiple simultaneous phishing attacks with custom email and server content.
* [wifiphisher](https://github.com/sophron/wifiphisher) - Automated phishing attacks against Wi-Fi networks
* [PhishingFrenzy](https://www.phishingfrenzy.com/) - Phishing Frenzy is an Open Source Ruby on Rails application that is leveraged by penetration testers to manage email phishing campaigns.
* [Evilginx](https://github.com/kgretzky/evilginx) - MITM attack framework used for phishing credentials and session cookies from any Web service
Miscellaneous
=================
### Slides
* [OWASP Presentation of Social Engineering](https://www.owasp.org/images/5/54/Presentation_Social_Engineering.pdf) - OWASP
* [Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/DEFCON-24-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf) - Defcon 23
* [Using Social Engineering Tactics For Big Data Espionage](https://www.rsaconference.com/writable/presentations/file_upload/das-301_williams_rader.pdf) - RSA Conference Europe 2012
### Videos
* #### Defcon
* [Chris Hadnagy - 7 Jedi Mind Tricks Influence Your Target without a Word](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20villages/DEF%20CON%2024%20Social%20Engineer%20Village%20-%20Chris%20Hadnagy%20-%207%20Jedi%20Mind%20Tricks%20Influence%20Your%20Target%20without%20a%20Word.mp4)
* [Robert Anderson - US Interrogation Techniques and Social Engineering.mp4](https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20villages/DEF%20CON%2024%20Social%20Engineer%20Village%20-%20Robert%20Anderson%20-%20US%20Interrogation%20Techniques%20and%20Social%20Engineering.mp4)
* [Ian Harris - Understanding Social Engineering Attacks with Natural Language Processing](https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20villages%20video/DEF%20CON%2023%20Social%20Engineering%20Village%20-%20Ian%20Harris%20-%20Understanding%20Social%20Engineering%20Attacks%20with%20Natural%20Language%20Processing%20-%20Video.mp4)
* [This is how hackers hack you using simple social engineering](https://www.youtube.com/watch?v=lc7scxvKQOo)
### Articles
* [The Limits of Social Engineering](https://www.technologyreview.com/s/526561/the-limits-of-social-engineering/) - MIT, Technology Review
* [The 7 Best Social Engineering Attacks Ever](http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411) - DarkReading
* [Social Engineering: Compromising Users with an Office Document](http://resources.infosecinstitute.com/social-engineering-compromising-users-using-office-document/) - Infosec Institute
### Movies
* [Tiger Team (TV series)](https://en.wikipedia.org/wiki/Tiger_Team_)
Contribution
================
Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the [Contributing Guidelines](CONTRIBUTING.md) for more details.
License
================
### License
[![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)](https://creativecommons.org/licenses/by/4.0/)
This work is licensed under a [Creative Commons Attribution 4.0 International License](http://creativecommons.org/licenses/by/4.0/)
Reference in New Issue View Git Blame Copy Permalink