SEC567: Social Engineering for Penetration Testers provides the blend of knowledge required to add social engineering skills to your penetration testing portfolio. Successful social engineering utilizes psychological principles and technical techniques to measure your success and manage the risk. SEC567 covers the principles of persuasion and the psychology foundations required to craft effective attacks and bolsters this with many examples of what works from both cyber criminals and the authors experience in engagements. On top of these principles we provide a number of tools (produced in our engagements over the years and now available in the course) and also labs centered around the key technical skills required to measure your social engineering success and report it to your company or client.
You'll learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You'll also learn how to conduct pretexting exercises, and we wrap the course with a fun "Capture the Human" exercise to put what you've learned into practice. This is the perfect course to open up new attack possibilities, to better understand the human vulnerability in attacks and to let you practice snares that have proven themselves in tests time and time again.
SEC567.1: Social Engineering Fundamentals, Recon, and Phishing
In day 1 of the course we introduce you to key social engineering concepts, the goals of social engineering and a myriad of reconnaissance tools that will help prepare you for successful campaigns. We complete the day with exercises centered around the most popular and scalable form of social engineering, phishing. Each section includes how to execute the attack, what works and what doesn't and how to report on it to help the organization improve their defenses.
CPE/CMU Credits: 6
SEC567.2: Media Drops and Payloads, Pretexting, Physical Testing, and Reporting
In day 2 we build on the principles covered in day 1 of the course to focus heavily on payloads for your social engineering engagements. We will cover how to avoid detection, limit the risk of your payloads causing issues and how to build a bespoke payload that works and looks the part of your selected snare. Following that we will introduce another powerful skill with pretexting and cover how these can be combined to get payloads running. We end the day with a capture the flag where students can apply their new found skills and a section covering the top dos and don'ts in an engagement.
CPE/CMU Credits: 6
Who Should Attend
Social engineering for penetration testers does not require existing penetration testing skills, however students with existing skills will be able to apply the course material and enhance other penetration testing disciplines with their newly acquired knowledge.
What You Will Receive
This Course Will Prepare You To