SEC467: Social Engineering for Security Professionals

  • In Person (2 days)
  • Online
12 CPEs
SEC467 will prepare you to add social engineering skills to your security strategy. In this course, you will learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You will also learn how to conduct pretexting exercises, and you will put what you have learned into practice with a fun Capture-the-Human exercise. SEC467 will open up new attack possibilities, help you better understand the human vulnerability in attacks, and provide you with hands-on practice with snares that have been proven effective.

What You Will Learn

Social engineering is an amazingly effective technique that has one important advantage over many other attacks - it allows adversaries or testers to bypass many of the technological controls in an environment by enabling them to act as, or with the assistance of, a trusted insider.

Any organization that employs humans is subject to risk. Social engineering allows the adversary to achieve a foothold in environments where technical controls may have made gaining such a foothold very difficult. Successful social engineering utilizes psychological principles and technical techniques to measure your success, manage the associated risk, and prepare an organization for social engineering attacks.

SEC467: Social Engineering for Security Professionals provides the blend of knowledge required to add social engineering skills to your penetration testing portfolio. The course provides tools and techniques for testers to identify flaws in their environments that are vulnerable to social engineering attacks. Defenders taking this course will note common tools and techniques that will enable them to prepare responses and countermeasures within their organizations. SEC467 covers the principles of persuasion and the psychological foundations required to craft effective attacks. It then bolsters that information with numerous examples of what works, drawing on the experiences of both cyber criminals as well as the course authors. You will learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You will also learn how to conduct pretexting exercises. We will wrap up the course with a fun Capture-the-Human exercise to put what you have learned into practice. This is the perfect course to open up new attack possibilities, better understand the human vulnerability in attacks, and practice snares that have proven themselves in tests time and time again.

You will learn

  • The psychological underpinnings of social engineering
  • How to successfully execute your first social engineering test in your company or as a consultant
  • Social engineering knowledge to develop new variations of attacks or increase your snare rate
  • How to manage some of the ethical and risk challenges associated with social engineering engagements
  • How to enhance other penetration testing disciplines by understanding human behavior and how to exploit it

You will receive with this course

  • Eight self-contained labs that you can run outside of class
  • Windows and Linux VMs
  • Sample documentation and templates

Syllabus (12 CPEs)

Download PDF
  • Overview

    Section one of the course introduces you to key social engineering concepts, the goals of social engineering, and a myriad of reconnaissance tools to help prepare you for successful campaigns. We complete the section with exercises centered around the most popular and scalable form of social engineering: phishing. Each exercise includes how to execute the attack, what works and what doesn't, and how to report on the attack to help the organization improve its defenses.

    • Recon and Profiling: Applying the tools
    • Tracking Clicks: Measuring your social engineering success
    • SET Site Cloning: Building a believable phishing site
    • Data Logging: Building more advanced credential and data theft portals
    • Psychology of Social Engineering
    • Targeting and Recon
    • Secure and Convincing Phishing
    • Tracking Clicks
    • Secure Phishing Forms
  • Overview

    Section two builds on the principles covered in the previous section to focus heavily on payloads for your social engineering engagements. We will cover how to avoid detection, limit the risk of your payloads causing issues, and build a bespoke payload that works and looks the part of your selected snare. We will then introduce another powerful skill with pretexting and cover how it can be combined to get payloads running. We end the section with a Capture-the-Human exercise in which students can apply their newly found skills and with a look at the top dos and donts in an engagement.

    • PowerShell Payloads: Creating and deploying a PowerShell-based backdoor
    • Roll Your Own Payload: Limit risk, avoid detection, and prove your penetration test
    • Pretty Payloads: Making your payloads look the part
    • Pretexting: Persuading your way to data
    • Capture the Human: Blended social engineering challenge
    • USB and Media Drops
    • Building a Payload
    • Clicks That Work
    • Successful Pretexting
    • Tailgating and Physical Access
    • Social Engineering Reports
    • Social Engineering: Where It All Fits
    • Risky Business


SEC467 does not require existing penetration testing skills, but students who have those skills will be better able to apply the course material and enhance other penetration testing disciplines with their newly acquired knowledge.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

  • CPU: 64-bit Intel i5/i7 (8th generation or newer), or AMD equivalent. A x64 bit, 2.0+ GHz or newer processor is mandatory for this class.
  • CRITICAL: Apple systems using the M1/M2/M3 processor line cannot perform the necessary virtualization functionality and therefore cannot in any way be used for this course.
  • BIOS settings must be set to enable virtualization technology, such as "Intel-VTx" or "AMD-V" extensions. Be absolutely certain you can access your BIOS if it is password protected, in case changes are necessary.
  • 8GB of RAM or more is required.
  • 60GB of free storage space or more is required.
  • At least one available USB 3.0 Type-A port. A Type-C to Type-A adapter may be necessary for newer laptops. Some endpoint protection software prevents the use of USB devices, so test your system with a USB drive before class.
  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

Additional requirements for this course:

  • You will need a pair of headphones to listen to audio and video components of the labs in this course.
  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.
  • Local Administrator Access is required. (Yes, this is absolutely required. Don't let your IT team tell you otherwise.) If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different laptop.
  • You should ensure that antivirus or endpoint protection software is disabled, fully removed, or that you have the administrative privileges to do so. Many of our courses require full administrative access to the operating system and these products can prevent you from accomplishing the labs.
  • Any filtering of egress traffic may prevent accomplishing the labs in your course. Firewalls should be disabled or you must have the administrative privileges to disable it.
  • Download and install VMware Workstation Pro 16.2.X+ or VMware Player 16.2.X+ (for Windows 10 hosts), VMware Workstation Pro 17.0.0+ or VMware Player 17.0.0+ (for Windows 11 hosts), or VMWare Fusion Pro 12.2+ or VMware Fusion Player 11.5+ (for macOS hosts) prior to class beginning. If you do not own a licensed copy of VMware Workstation Pro or VMware Fusion Pro, you can download a free 30-day trial copy from VMware. VMware will send you a time-limited serial number if you register for the trial at their website. Also note that VMware Workstation Player offers fewer features than VMware Workstation Pro. For those with Windows host systems, Workstation Pro is recommended for a more seamless student experience.
  • On Windows hosts, VMware products might not coexist with the Hyper-V hypervisor. For the best experience, ensure VMware can boot a virtual machine. This may require disabling Hyper-V. Instructions for disabling Hyper-V, Device Guard, and Credential Guard are contained in the setup documentation that accompanies your course materials.
  • Download and install 7-Zip (for Windows Hosts) or Keka (for macOS hosts). These tools are also included in your downloaded course materials.

Your course media is delivered via download. The media files for class can be large. Many are in the 40-50GB range, with some over 100GB. You need to allow plenty of time for the download to complete. Internet connections and speed vary greatly and are dependent on many different factors. Therefore, it is not possible to give an estimate of the length of time it will take to download your materials. Please start your course media downloads as soon as you get the link. You will need your course media immediately on the first day of class. Do not wait until the night before class to start downloading these files.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact support.

Author Statement

"Social engineering has always been a critical part of the cyber criminals toolkit and has been at the core of innumerable attacks over the years. Organizations are taking significant interest in social engineering as a part of penetration testing, yet many penetration testers do not have social engineering skills in their attack toolkit. We are passionate about changing that and opening up a new set of attack possibilities. That being said, this is an area filled with ethical challenges, risks, and even legal landmines. So weve done our best to share our experiences in the course in a way that enables people to reap the benefits of our experiences without enduring the pitfalls we have dealt with over the years." - Dave Shackleford and James Leyte-Vidal 

Register for SEC467

Prices below exclude applicable taxes and shipping costs. If applicable, these will be shown on the last page of checkout.