Practical Social Engineering
A Primer for the Ethical Hacker
Joe Gray's working manual for the social-engineering side of red team and threat intel: OSINT-driven recon, pretexting, phishing infrastructure, and the legal and ethical boundaries that separate professional work from criminal activity.
As an Amazon Associate we earn from qualifying purchases. The link above is sponsored.
- Authors
- Joe Gray
- Published
- 2022
- Publisher
- No Starch Press
- Pages
- 240
- Language
- English
Read this if
Red teamers, fraud investigators, and threat-intel analysts who need to operationalize social engineering as a discipline rather than a stunt. Strongest for the OSINT-to-pretext pipeline — Gray shows how recon directly shapes what your call sounds like.
Skip this if
Readers wanting Mitnick-style war stories. Gray writes like a practitioner, not a memoirist; the book is procedural and careful, not dramatic. Also light on adversarial deepfake / voice-clone tradecraft, which is where the field has moved since 2022.
Key takeaways
- Recon is the engagement: a pretext that doesn't survive contact with the target's reality is a recon failure, not a delivery failure.
- Documentation, scoping, and consent are not bureaucratic overhead; they are what separate professional social engineering from social engineering.
- OSINT and SE are the same workflow viewed from two sides — what you can find is what you can credibly claim to know.
Notes
Pair with The Art of Deception (Mitnick) for the human-side stories and with OSINT Techniques 11e (Bazzell) for the recon stack the pretexts depend on. Gray's Advanced Persistent Security podcast and the layer8 conference circuit are the live-practitioner companion. Most useful read alongside an actual engagement — the chapters land differently when you have a target binder open beside the book.
What to read before
What to read before Practical Social Engineering →Beginner · 2018
Open Source Intelligence Techniques and Tools
Hassan and Hijazi's pedagogical introduction to OSINT framed inside the broader intelligence cycle (collection → processing → analysis → dissemination) rather than around a specific toolchain.
Beginner · 2011
Ghost in the Wires
Kevin Mitnick's first-person account of his 1990s social-engineering and phone-system intrusions, foreword by Steve Wozniak. Self-promotional in tone but a primary source on a defining era.
Beginner · 2024
Hacks, Leaks, and Revelations
Micah Lee on the operational craft of working with leaked datasets: authentication, OPSEC for sources and journalists, and the Python tooling to actually parse what arrives in your dropbox.
What to read next
What to read after Practical Social Engineering →Advanced · 2022
Gray Hat Hacking
A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.
Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Intermediate · 2024
Extreme Privacy
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
Explore similar books
Alternatives to Practical Social Engineering →Intermediate · 2018
Social Engineering
Christopher Hadnagy's broad procedural reference on social engineering as a discipline — recon, pretexting, elicitation, microexpressions, and the structured engagement model his consultancy operationalized.
Intermediate · 2024
Extreme Privacy
Michael Bazzell's defender-side companion to OSINT Techniques: a step-by-step program for removing yourself from data brokers, public records, and the everyday surveillance economy without going off-grid.
Intermediate · 2024
OSINT Techniques
Michael Bazzell's relentlessly updated technical manual for finding people, accounts, breach data, geolocation evidence, and online identifiers — the de facto reference of the modern OSINT field.