Training
$1,835

Social Engineering, the Human Side of Security [2 Days]

To improve your organization's resilience against social engineering, you must first understand the anatomy of social engineering attacks. This social engineering class is developed by leading experts at Truesec who not only investigate real social engineering attacks, but also perform social engineering attacks themselves in assessments and Red Team engagements.

A unique hands-on lab for IT managers and security professionals that covers all vectors of social engineering attacks. Learn how to run a phishing campaign to train your users and how to investigate a suspected phishing attack. Besides phishing, this course covers CEO scams, vishing (phone calls), malicious software, physical intrusions, and many other social engineering vectors.

This two-day class wraps up with a discussion on frameworks and methodologies to increase user awareness and maximize the results of user training.

Level:
200-300

Who Should Attend:
IT security professionals, CISOs, CSOs

Prerequisites:

  • Basic understanding of IT
  • Preferably a technical background or technical role

Goals:

  • Understand how attackers think and the different social engineering vectors.
  • Understand fundamental psychological principles.
  • Practical use of tools to create phishing campaigns to test your organization.
  • Learn how to investigate phishing and social engineering attacks.
  • Recommended approaches to create awareness and training programs.

Material:

  • Virtual machines:
    • Windows 10
    • Kali Linux
  • Office 365 demo tenant

Class Outline

Day 1:

  • Introduction to social engineering
  • Demo: Spearphishing with MFA bypass
  • Recon:
    • Open sources (OSINT)
    • Human sources (HUMINT)
    • Technical recon
  • Phishing:
    • Scenarios and delivery techniques
    • Landing pages, hosting, website cloning, credential collection
    • Post-breach activities: forwarding rules, internal phishing, exfiltration, etc.
    • Protection and detection
  • Sender mailbox
  • Landing pages
  • Post-breach: Forwarding rules, internal phishing, mailbox dumping, etc.
  • Challenge
    • Create a phishing campaign
    • Exfiltrate data from hijacked mailboxes and create forward rules
    • Investigate each other’s campaigns

Day 2:

  • Psychological principles, criminology, and manipulation
  • Vishing:
    • Demo: Caller ID spoofing
  • Physical intrusions:
    • Challenge: Lockpicking
  • Malware
    • Introduction to basic concepts
    • Delivery, concealment, covert channels, and persistence
    • Protection and detection
    • Demo
  • Cyber training and awareness
