Take on the perspective of an attacker with this insightful new resource for ethical hackers, pentesters, and social engineers 

In The Art of Attack: Attacker Mindset for Security Professionals, experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker.

The book shows you the laws of the mindset and the techniques attackers use, from persistence to “start with the end” strategies and non-linear thinking, that make them so dangerous. You’ll discover: 

  • A variety of attacker strategies, including approaches, processes, reconnaissance, privilege escalation, redundant access, and escape techniques 
  • The unique tells and signs of an attack and how to avoid becoming a victim of one 
  • What the science of psychology tells us about amygdala hijacking and other tendencies that you need to protect against 

Perfect for red teams, social engineers, pentesters, and ethical hackers seeking to fortify and harden their systems and the systems of their clients, The Art of Attack is an invaluable resource for anyone in the technology security space seeking a one-stop resource that puts them in the mind of an attacker. 

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. About the Author
  5. Acknowledgments
  6. Introduction
    1. Who Is This Book For?
    2. What This Book Covers
  7. Part I: The Attacker Mindset
    1. Chapter 1: What Is the Attacker Mindset?
    2. Using the Mindset
    3. The Attacker and the Mindset
    4. AMs Is a Needed Set of Skills
    5. Summary
    6. Chapter 2: Offensive vs. Defensive Attacker Mindset
    7. The Offensive Attacker Mindset
    8. Defensive Attacker Mindset
    9. Summary
    10. Chapter 3: The Attacker Mindset Framework
    11. Development
    12. Ethics
    13. Social Engineering and Security
    14. Summary
  8. Part II: The Laws and Skills
    1. Chapter 4: The Laws
    2. Law 1: Start with the End in Mind
    3. Law 2: Gather, Weaponize, and Leverage Information
    4. Law 3: Never Break Pretext
    5. Law 4: Every Move Made Benefits the Objective
    6. Summary
    7. Chapter 5: Curiosity, Persistence, and Agility
    8. Curiosity
    9. The Exercise: Part 1
    10. The Exercise: Part 2
    11. Persistence
    12. Skills and Common Sense
    13. Summary
    14. Chapter 6: Information Processing: Observation and Thinking Techniques
    15. Your Brain vs. Your Observation
    16. Observation vs. Heuristics
    17. Observation vs. Intuition
    18. Observing People
    19. Observation Exercise
    20. AMs and Observation
    21. Tying It All Together
    22. Critical and Nonlinear Thinking
    23. Vector vs. Arc
    24. Education and Critical Thinking
    25. Workplace Critical Thinking
    26. Critical Thinking and Other Psychological Constructs
    27. Nonlinear Thinking
    28. Tying Them Together
    29. Summary
    30. Chapter 7: Information Processing in Practice
    31. Reconnaissance
    32. Recon: Passive
    33. Recon: Active
    34. OSINT
    35. Signal vs. Noise
    36. Summary
  9. Part III: Tools and Anatomy
    1. Chapter 8: Attack Strategy
    2. Attacks in Action
    3. Strategic Environment
    4. The Necessity of Engagement and Winning
    5. The Attack Surface
    6. AMs Applied to the Attack Vectors
    7. Summary
    8. Chapter 9: Psychology in Attacks
    9. Setting The Scene: Why Psychology Matters
    10. Ego Suspension, Humility & Asking for Help
    11. Introducing the Target‐Attacker Window Model
    12. Target Psychology
    13. Thin‐Slice Assessments
    14. Default to Truth
    15. Summary
  10. Part IV: After AMs
    1. Chapter 10: Staying Protected—The Individual
    2. Attacker Mindset for Ordinary People
    3. Behavioral Security
    4. Amygdala Hijacking
    5. Analyze Your Attack Surface
    6. Summary
    7. Chapter 11: Staying Protected—The Business
    8. Testing and Red Teams
    9. The Complex Policy
    10. Antifragile
    11. The Full Spectrum of Crises
    12. Final Thoughts
    13. Summary
  11. Index
  12. End User License Agreement