About the Author vAcknowledgments viiIntroduction xvPart I: The Attacker Mindset 1Chapter 1: What is the Attacker Mindset? 3Using the Mindset 6The Attacker and the Mindset 9AMs is a Needed Set of Skills 11A Quick Note on Scope 13Summary 16Key Message 16Chapter 2: Offensive vs. Defensive Attacker Mindset 17The Offensive Attacker Mindset 20Comfort and Risk 22Planning Pressure and Mental Agility 23Emergency Conditioning 26Defensive Attacker Mindset 31Consistency and Regulation 31Anxiety Control 32Recovery, Distraction, and Maintenance 34OAMs and DAMs Come Together 35Summary 35Key Message 36Chapter 3: The Attacker Mindset Framework 37Development 39Phase 1 43Phase 2 47Application 48Preloading 51"Right Time, Right Place" Preload 51Ethics 52Intellectual Ethics 53Reactionary Ethics 53Social Engineering and Security 57Social Engineering vs. AMs 59Summary 60Key Message 60Part II: The Laws and Skills 63Chapter 4: The Laws 65Law 1: Start with the End in Mind 65End to Start Questions 66Robbing a Bank 68Bringing It All together 70The Start of the End 71Clarity 71Efficiency 72The Objective 72How to Begin with the End in Mind 73Law 2: Gather, Weaponize, and Leverage Information 75Law 3: Never Break Pretext 77Law 4: Every Move Made Benefits the Objective 80Summary 81Key Message 82Chapter 5: Curiosity, Persistence, and Agility 83Curiosity 86The Exercise: Part 1 87The Exercise: Part 2 89Persistence 92Skills and Common Sense 95Professional Common Sense 95Summary 98Key Message 98Chapter 6: Information Processing: Observation and Thinking Techniques 99Your Brain vs. Your Observation 102Observation vs. Heuristics 107Heuristics 107Behold Linda 108Observation vs. Intuition 109Using Reasoning and Logic 112Observing People 114Observation Exercise 116AMs and Observation 122Tying It All Together 123Critical and Nonlinear Thinking 124Vector vs. Arc 127Education and Critical Thinking 128Workplace Critical Thinking 128Critical Thinking and Other Psychological Constructs 129Critical Thinking Skills 130Nonlinear Thinking 131Tying Them Together 132Summary 133Key Message 134Chapter 7: Information Processing in Practice 135Reconnaissance 136Recon: Passive 145Recon: Active 149OSINT 150OSINT Over the Years 150Intel Types 153Alternative Data in OSINT 154Signal vs. Noise 155Weaponizing of Information 158Tying Back to the Objective 160Summary 170Key Message 170Part III: Tools and Anatomy 171Chapter 8: Attack Strategy 173Attacks in Action 175Strategic Environment 177The Necessity of Engagement and Winning 179The Attack Surface 183Vulnerabilities 183AMs Applied to the Attack Vectors 184Phishing 184Mass Phish 185Spearphish 186Whaling 187Vishing 190Smishing/Smshing 195Impersonation 196Physical 199Back to the Manhattan Bank 200Summary 203Key Message 203Chapter 9: Psychology in Attacks 205Setting The Scene: Why Psychology Matters 205Ego Suspension, Humility & Asking for Help 210Humility 215Asking for Help 216Introducing the Target-Attacker Window Model 217Four TAWM Regions 218Target Psychology 221Optimism Bias 225Confirmation Bias and Motivated Reasoning 228Framing Effect 231Thin-SliceAssessments 233Default to Truth 236Summary 239Key Message 239Part IV: After AMs 241Chapter 10: Staying Protected--The Individual 243Attacker Mindset for Ordinary People 243Behavioral Security 246Amygdala Hijacking 250Analyze Your Attack Surface 252Summary 256Key Message 256Chapter 11: Staying Protected--The Business 257Indicators of Attack 258Nontechnical Measures 258Testing and Red Teams 261Survivorship Bias 261The Complex Policy 263Protection 264Antifragile 264The Full Spectrum of Crises 266AMs on the Spectrum 268Final Thoughts 269Summary 270Key Message 271Index 273

MAXIE REYNOLDS is Technical Team Lead for Social-Engineer, LLC leading their efforts as a physical pentester and social engineer. She is a certified Ethical Hacker, Digital Forensic Investigator, and Social Engineer. She holds degrees in Computer Science, Underwater Robotics, and is qualified in Quantum Computing. She has worked as a physical pentester for banks, transport agencies, and other industries.