Kick off the New Year with SANS Security East 2017 in New Orleans (January 9-14)

SEC567: Social Engineering for Penetration Testers New

SEC567: Social Engineering for Penetration Testers provides the blend of knowledge required to add social engineering skills to your penetration testing portfolio. Successful social engineering utilizes psychological principles and technical techniques to measure your success and manage the risk. SEC567 covers the principles of persuasion and the psychology foundations required to craft effective attacks and bolsters this with many examples of what works from both cyber criminals and the authors experience in engagements. On top of these principles we provide a number of tools (produced in our engagements over the years and now available in the course) and also labs centered around the key technical skills required to measure your social engineering success and report it to your company or client.

You'll learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You'll also learn how to conduct pretexting exercises, and we wrap the course with a fun "Capture the Human" exercise to put what you've learned into practice. This is the perfect course to open up new attack possibilities, to better understand the human vulnerability in attacks and to let you practice snares that have proven themselves in tests time and time again.

Course Syllabus


In day 1 of the course we introduce you to key social engineering concepts, the goals of social engineering and a myriad of reconnaissance tools that will help prepare you for successful campaigns. We complete the day with exercises centered around the most popular and scalable form of social engineering, phishing. Each section includes how to execute the attack, what works and what doesn't and how to report on it to help the organization improve their defenses.

  • Recon & Profiling - applying the tools
  • Tracking Clicks - measuring your SE success
  • SET Site Cloning - building a believable phishing site
  • Data Logging - building more advanced credential and data theft portals

CPE/CMU Credits: 6

  • Social engineering introduction
  • The Psychology of Social Engineering
  • Social Engineering Goals
  • Setting up for Success
  • Targeting and Recon
  • Secure & Convincing Phishing
  • Tracking Clicks
  • Secure Phishing Forms

In day 2 we build on the principles covered in day 1 of the course to focus heavily on payloads for your social engineering engagements. We will cover how to avoid detection, limit the risk of your payloads causing issues and how to build a bespoke payload that works and looks the part of your selected snare. Following that we will introduce another powerful skill with pretexting and cover how these can be combined to get payloads running. We end the day with a capture the flag where students can apply their new found skills and a section covering the top dos and don'ts in an engagement.

  • Roll your own payload - limit risk, avoid detection and prove your pentest
  • Pretty Payloads - making your payloads look the part
  • Pretexting - persuading your way to data
  • Capture the Human - blended SE challenge

CPE/CMU Credits: 6

  • USB and Media Drops
  • Building a Payload
  • Clicks That Work
  • Successful Pretexting
  • Tailgating and Physical Access
  • Social Engineering Reports
  • SE: Where it all Fits
  • Risky Business

Additional Information

Security 567: Social Engineering for Penetration Testers course consists of instruction and hands-on sessions. The lab sessions are designed to enable students to implement the concepts and practices in an instructor-led environment. A properly configured laptop is recommended for this course.

There are a few items and pieces of software that you will need to navigate the course successfully:

  • A pair of headphones
  • A copy of VMWare (Player, Workstation or Fusion are all fine)
  • A Windows host (or a Windows VM)
  • 15GB of hard drive space
  • USB 3.0 Port(s)
  • 4 GB of RAM (8GB recommended)
  • The ability to connect to the Internet via a wired or wireless connection.

Some labs use a web browser. Those labs have been successfully tested on Windows based systems with Microsoft Internet Explorer, Google Chrome, Firefox, and Opera browsers. On Mac, the browser based labs have been tested with Safari and Google Chrome. The labs will also work with common Linux based browsers. Students with any one of those browsers installed will be able to complete the browser based labs.

By properly preparing, we know that you will have a knowledge rich and enjoyable lab experience.

If you have additional questions about the laptop specifications, please contact

  • Staff or consultant penetration testers looking to increase their test breadth and effectiveness
  • Security defenders looking to enhance their understanding of attack techniques to improve their defenses
  • Staff responsible for security awareness and education campaigns who want to understand how cyber criminals persuade their way through their defenses

Social engineering for penetration testers does not require existing penetration testing skills, however students with existing skills will be able to apply the course material and enhance other penetration testing disciplines with their newly acquired knowledge.

  • Course USB with VMWare image ready for the labs
  • Prebuilt phishing and data capture examples to customize in the future
  • Tools to track your phishing and build reports
  • Course books so you can review your techniques after class
  • Take on your first social engineering test in your company, or as a consultant.
  • Improve your social engineering know how to develop new variations or increase your snare rate.
  • Equip you to deal with some of the ethical and risk challenges associated with social engineering engagements.
  • Enhance other penetration testing disciplines through understanding human behavior and how to exploit it.

Author Statement

Social Engineering has always been a critical part of the cyber criminals' toolkit and has been at the core of innumerable attacks over the years. Social engineering as a part of penetration testing has become a massive interest of organizations and yet many penetration testers do not have it as a part of their attack toolkit. We are passionate about changing that and opening up a new set of attack possibilities. That being said, this is an area filled with ethical challenges, risks and even legal landmines and we've done our best to share our experiences in the course so people can reap the benefits of our experiences without falling in to the pitfalls we have over the years.

- James Lyne & Dave Shackleford

Additional Resources

Take your learning beyond the classroom. Explore our site network for additional resources related to this course's subject matter.

*CPE/CMU credits not offered for the SelfStudy delivery method

3 Training Results
Type Topic Course / Location / Instructor Date Register

Training Event
Penetration Testing Nov 9, 2016 -
Nov 10, 2016

Training Event
Penetration Testing Dec 10, 2016 -
Dec 11, 2016

Training Event
Penetration Testing
SANS 2017
Orlando, FL
Apr 7, 2017 -
Apr 8, 2017

*Course contents may vary depending upon location, see specific event description for details.