Social Engineering for Security Professionals
Are you looking to add social engineering skills to your security strategy? The ‘Social Engineering for Security Professionals’ (SEC467) course provides participants with a blend of knowledge required to add social engineering skills to one’s penetration testing portfolio. The tools and techniques examined during the course will enable defenders to identify vulnerabilities to social engineering attacks, and will enable them to establish countermeasures and responses.
The course syllabus is split into two parts:
- Social engineering fundamentals, recon, and phishing
- Media drops and payloads, pretexting, physical testing, and reporting
Learning outcomes
SEC467 covers the principles of effective attacks, illustrating the coures content this with examples pulled from both cybercriminals and the course authors. Participants will be able to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. The course wraps up with a Capture-the-Human exercise, which puts all the theoretical knowledge into practice. Through hands-on practice and real-life examples, the SEC467 courses provides participants with knowledge and skills to better understand the human vulnerability in attacks.
Participants will learn:
- Social engineering’s psychological underpinnings
- How to successfully execute their first social engineering test in their company or as a consultant
- Social engineering knowledge to develop new variations of attacks or increase their snare rate
- How to manage some of the ethical and risk challenges associated with social engineering engagements
- How to enhance other penetration testing disciplines by understanding human behaviour and how to exploit it
Who is this made for?
The course is targeted towards:
- Penetration testers looking to increase their testing breadth and effectiveness
- Security defenders looking to enhance their understanding of attack techniques to improve their defenses
- Staff responsible for security awareness and education campaigns who want to understand how cyber criminals persuade their way through their defenses
Requirements
There are no skills or knowledge prerequisites, but students with existing knowledge and skills will be able to better apply the course material. The course has laptop requirements, which are detailed in the course website.