Social engineering, the human side of security

Learn how attackers target your users and what you can do about it

Book lab

    We don't have this training scheduled right now. Let us know that you're interested in this training using the form below.

To improve your organization's resilience against social engineering, you must first understand the anatomy of social engineering attacks.

This social engineering class is developed by leading experts at Truesec who not only investigate real social engineering attacks, but also perform social engineering attacks themselves in assessments and red team engagements.

A unique hands-on lab for IT managers and security professionals that covers all vectors of social engineering attacks.
Learn how to run a phishing campaign to train your users and how to investigate a suspected phishing attack.
Besides phishing, this course covers CEO scams, vishing (phone calls), malware delivery, physical intrusions and many other social engineering vectors. 

This two-day class wraps up with a guest lecture about frameworks and methodologies to increase user awareness and maximize results of user training.

 

Level:
200-300

Who should attend:
IT security professionals, CISOs, CSOs

Prerequisites:

  • Basic understanding of IT
  • Preferably a technical background or technical role 

Goal:

  • Understand how attackers think and different social engineering vectors
  • Understand fundamental psychological principles
  • Practical use of tools to create phishing campaigns to test your organization
  • Learn how to investigate phishing and social engineering attacks 

Recommended approaches to create awareness and training programs

Material:
Virtual machines 
Windows 10:

  • Office suite 
  • Social engineering tools 

Office 365 tenant to simulate and investigate phishing attacks 

 

Class outline

Day 1:

  • Introduction to social engineering
  • Demo
  • Spear-phishing 
  • MFA bypass
  • Recon
  • Open sources 
  • Human sources
  • Technical recon 
  • Phishing 
  • Sender mailbox
  • Landing pages
  • Post-breach: Forwarding rules, internal phishing, mailbox dumping, etc.
  • Challenge
  • Create a phishing campaign with GoPhish 
  • Dump mailboxes and create forward rules 
  • Investigate each other’s campaigns 

Day 2: 

  • Psychological principles, criminology and manipulation
  • Vishing 
  • Demo: Caller ID spoofing
  • Physical intrusions
  • Challenge: Lockpicking 
  • Malware 
  • Demo: Reverse shell with an Office macro 
  • Bypassing link-scanning 
  • Delivery methods 
  • Cyber training programs
  • Cyber awareness programs

 

 

 
