Social engineering is an amazingly effective technique that has one important advantage over many other attacks: it allows adversaries or testers to bypass many of the technological controls in an environment by enabling them to act as, or with the assistance of, a trusted insider.
Any organization that employs humans is subject to risk. Social engineering allows the adversary to achieve a foothold in environments where technical controls may have made gaining such a foothold very difficult. Successful social engineering utilizes psychological principles and technical techniques to measure your success, manage the associated risk, and prepare an organization for social engineering attacks.
SEC467: Social Engineering for Security Professionals provides the blend of knowledge required to add social engineering skills to your penetration testing portfolio. The course provides tools and techniques for testers to identify flaws in their environments that are vulnerable to social engineering attacks. Defenders taking this course will note common tools and techniques that will enable them to prepare responses and countermeasures within their organizations. SEC467 covers the principles of persuasion and the psychological foundations required to craft effective attacks. It then bolsters that information with numerous examples of what works, drawing on the experiences of both cyber criminals and the course authors. You will learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You will also learn how to conduct pretexting exercises. We will wrap up the course with a fun Capture-the-Human exercise to put what you have learned into practice. This is the perfect course to open up new attack possibilities, better understand the human vulnerability in attacks, and practice snares that have proven themselves in tests time and time again.
You will learn:
- The psychological underpinnings of social engineering
- How to successfully execute your first social engineering test in your company or as a consultant
- Social engineering knowledge to develop new variations of attacks or increase your snare rate
- How to manage some of the ethical and risk challenges associated with social engineering engagements
- How to enhance other penetration testing disciplines by understanding human behavior and how to exploit it
You will receive with this course:
- Eight self-contained labs that you can run outside of class
- Windows and Linux VMs
- Sample documentation and templates
Important! Bring your own system configured according to these instructions!
A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. Therefore, we strongly urge you to arrive with a system meeting all the requirements specified for the course.
Some of the course exercises are based on Windows, while others focus on Linux. VMware Workstation is required for the class. If you plan to use a Macintosh, please make sure you bring VMware Fusion. Both Windows and Linux VMs are provided with the course, so you should not need to make any modifications to your host machine outside of installing VMware.
Host Operating System: Latest version of Windows 10, macOS 10.15.x or later, or Linux that also can install and run VMware virtualization products described below. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.