stochastic-lies wrote:ImToast wrote:I don't see the point in Social engineering in my opinion.
Social engineering is an exceptionally dangerous "tool" when one can use it correctly. Think how stupid some people are. The biggest vulnerability in security is generally the human. Why not exploit a system from its weakest link, rather than spending twice as long using a much longer method to get whatever you want?
Stochastic-lies, is pretty dead on about this. Why spend hours trying to find a vunerability in a system when you can coax someone unfamilar on company protocal to give it to you.
I personally own the book and my personal opinion is as follows:
The Art of Deception is an good introductory book into Social Engineering. It gives you many examples in context and theory that get the reader interested and illustrates principles behind the practice. However it lacks in actual instruction on how to practice those skills. It is like a math book with theories and proofs without practice problems. You can state the quadratic equation or what a derative is and give examples on how they are used countless times in a book or on a blackboard. However until the student themself applies them they will not truly have an understanding of the concepts.