Social engineering, the human side of security

Learn how attackers target your users and what you can do about it

Book lab

    We don't have this training scheduled right now. Let us know that you're interested in this training using the form below.

To improve your organization's resilience against social engineering, you must first
understand the anatomy of social engineering attacks.

This social engineering class is developed by leading experts at Truesec who not only
investigate real social engineering attacks, but also perform social engineering attacks
themselves in assessments and red team engagements.

This is a unique hands-on lab for IT managers and security professionals that covers all vectors
of social engineering attacks.
Learn how to run a phishing campaign to train your users and how to investigate a suspected
phishing attack. Besides phishing, this course covers CEO scams, vishing (phone calls),
malicious software, physical intrusions and many other social engineering vectors.

This two-day class wraps up with a discussion of frameworks and methodologies to increase
user awareness and maximize the results of user training.


Level:
200-300

Who should attend:
IT security professionals, CISOs, CSOs

Prerequisites:

  • Basic understanding of IT
  • Preferably a technical background or technical role

Goal:

  • Understand how attackers think and the different social engineering vectors
  • Understand fundamental psychological principles
  • Practical use of tools to create phishing campaigns to test your organization
  • Learn how to investigate phishing and social engineering attacks
  • Recommended approaches to create awareness and training programs


Material:

  • Virtual machines:
    • Windows 10
    • Kali Linux
  • Office 365 demo tenant

Class outline

Day 1:

  • Introduction to social engineering
  • Demo: Spear-phishing with MFA bypass
  • Recon:
    • Open sources (OSINT)
    • Human sources (HUMINT)
    • Technical recon
  • Phishing:
    • Scenarios and delivery techniques
    • Landing pages, hosting, website cloning, credential collection
    • Post-breach activities: forwarding rules, internal phishing, exfiltration, etc.
    • Protection and detection
  • Sender mailbox
  • Landing pages
  • Post-breach: forwarding rules, internal phishing, mailbox dumping, etc.
  • Challenge
    • Create a phishing campaign
    • Exfiltrate data from hijacked mailboxes and create forward rules
    • Investigate each other’s campaigns

Day 2:

  • Psychological principles, criminology and manipulation
  • Vishing:
    • Demo: Caller ID spoofing
  • Physical intrusions:
    • Challenge: Lockpicking
  • Malware
    • Introduction to basic concepts
    • Delivery, concealment, covert channels and persistence
    • Protection and detection
    • Demo
  • Cyber training and awareness
