Further Reading: Chapter 9 — Social Engineering Reconnaissance

Books

"The Art of Deception" by Kevin Mitnick (2002)
The classic text on social engineering by the world's most famous hacker. Mitnick's accounts of real-world social engineering attacks — many from his own experience — provide unparalleled insight into how social engineers think, plan, and execute. While the technology has evolved, the human psychology exploited in these attacks remains unchanged.

"Social Engineering: The Science of Human Hacking" by Christopher Hadnagy (2nd Edition, 2018)
The most comprehensive technical guide to social engineering. Hadnagy covers elicitation, pretexting, influence, rapport building, and all phases of social engineering assessments. Includes practical frameworks for designing and executing authorized social engineering campaigns.

"Influence: The Psychology of Persuasion" by Robert Cialdini (Revised Edition, 2021)
The foundational academic work on the psychology of persuasion. Cialdini's six (now seven) principles of influence form the theoretical basis for understanding why social engineering works. Essential reading for anyone conducting or defending against social engineering.

"Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails" by Christopher Hadnagy and Michele Fincher (2015)
Focused specifically on phishing, this book covers both creating effective phishing campaigns for authorized testing and defending against them. Includes practical guidance on phishing program management, email template design, and measuring campaign effectiveness.

"Ghost in the Wires" by Kevin Mitnick (2011)
Mitnick's autobiography detailing his years as a fugitive hacker. While a narrative rather than a technical manual, the book provides fascinating accounts of real social engineering operations that illustrate the principles covered in this chapter.

"Pre-Suasion: A Revolutionary Way to Influence and Persuade" by Robert Cialdini (2016)
Cialdini's follow-up to Influence focuses on how the context and framing before a request shape compliance. Directly applicable to pretext design — understanding how to set the stage before making the social engineering "ask."

"Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You" by Christopher Hadnagy (2021)
Hadnagy's guide to applying social engineering principles ethically in everyday life. While not a penetration testing manual, it provides deep insight into rapport building, non-verbal communication, and elicitation techniques.

Online Resources

Social Engineering Framework (https://www.social-engineer.org/)
The Social-Engineer organization maintains a comprehensive framework for social engineering concepts, tools, and techniques. Includes the Social-Engineer Podcast, a valuable resource for staying current on SE techniques and defenses.

SANS SEC567: Social Engineering for Penetration Testers
SANS course covering the full lifecycle of social engineering assessments, including reconnaissance, pretext development, phishing campaigns, vishing, and physical social engineering. Includes hands-on labs with real-world scenarios.

GoPhish Documentation (https://docs.getgophish.com/)
Documentation for the most popular open-source phishing framework. Covers campaign creation, email template design, landing page setup, and results analysis. Essential tool for conducting authorized phishing assessments.

Social Engineering CTF (DerbyCon/DEF CON)
Social engineering villages and CTF events at major security conferences provide opportunities to practice vishing and other SE techniques in a legal, controlled environment. Recordings of past events are available online.

Research and Reports

"Verizon Data Breach Investigations Report" (Annual)
Verizon's annual DBIR consistently shows that social engineering and phishing are among the top attack vectors. The human element section provides statistics on phishing success rates, social engineering techniques, and industry-specific trends.

"The State of Phishing" by Cofense (Annual)
Annual report analyzing phishing attack trends, susceptibility rates, and reporting behavior. Provides benchmark data for comparing your organization's phishing assessment results against industry averages.

"KnowBe4 Phishing by Industry Benchmarking Report" (Annual)
Statistics on phishing susceptibility across industries, company sizes, and testing frequencies. Useful for setting realistic expectations for social engineering campaign results and measuring improvement over time.

"The Rise of Deepfakes" (Various Academic and Industry Sources)
Multiple research papers and industry reports document the advancing capabilities of deepfake technology and its implications for social engineering. Key sources include MIT Technology Review, Stanford Internet Observatory, and the Brookings Institution.

FBI Internet Crime Complaint Center (IC3) Annual Reports
The FBI's IC3 publishes annual statistics on Business Email Compromise (BEC) and other social engineering fraud. The 2023 report documented over $2.9 billion in BEC losses — providing compelling evidence for the financial impact of social engineering.

Tools

GoPhish (https://github.com/gophish/gophish)
Open-source phishing simulation framework. Provides campaign management, email template creation, landing page cloning, and detailed results tracking. The standard tool for authorized phishing assessments.

King Phisher (https://github.com/securestate/king-phisher)
Full-featured phishing campaign toolkit with advanced features including email template management, server-side cloned web pages, and comprehensive campaign statistics.

SET (Social Engineering Toolkit) (https://github.com/trustedsec/social-engineer-toolkit)
Dave Kennedy's Social Engineering Toolkit integrates with Metasploit and provides automated social engineering attack vectors including phishing, HTA attacks, and USB/CD-ROM-based attacks.

Evilginx2 (https://github.com/kgretzky/evilginx2)
Advanced phishing framework that operates as a man-in-the-middle proxy, capable of capturing session tokens and bypassing two-factor authentication. Essential for testing MFA resilience in authorized assessments.

Modlishka (https://github.com/drk1wi/Modlishka)
Another reverse proxy phishing tool that automates the process of creating real-time phishing proxies. Useful for testing whether an organization's MFA implementation is resistant to proxy-based phishing.

Sherlock (https://github.com/sherlock-project/sherlock)
Username search tool that checks for the existence of usernames across 300+ social media platforms. Useful for social media profiling during social engineering reconnaissance.

Deepfake Technology (Educational Reference)

ElevenLabs (https://elevenlabs.io/)
Commercial voice synthesis and cloning platform. Understanding its capabilities helps assess the realistic threat of voice-based deepfakes. Used in authorized testing with appropriate legal review.

Resemble.ai (https://www.resemble.ai/)
Voice cloning API with real-time voice conversion capabilities. Demonstrates the state of the art in AI voice synthesis.

This Person Does Not Exist (https://thispersondoesnotexist.com/)
Generates photorealistic images of non-existent people using GANs. Demonstrates how synthetic profile photos are used to create fake LinkedIn and social media profiles for social engineering.

Deepfake Detection Resources
Microsoft Video Authenticator, Sensity.ai, and academic research from MIT and UC Berkeley provide tools and methodologies for detecting synthetic media — essential knowledge for defenders.

Standards and Ethics

PTES Social Engineering Section
The Penetration Testing Execution Standard's social engineering section defines standards for social engineering scope, rules of engagement, target selection, and reporting.

Social Engineering Code of Ethics (Social-Engineer.org)
Professional code of ethics for social engineering practitioners, addressing consent, privacy, proportionality, and professional conduct.

NIST SP 800-50: Building an Information Technology Security Awareness and Training Program
Government guidance on security awareness training, including recommendations for phishing simulations, social engineering awareness, and program effectiveness measurement.