By the end of this training course, trainees will be able to :
- Defend against social engineering deceptions that threaten organizational security.
- Plan and evaluate security assessments for human weaknesses .
- Promote vigilance and implement procedures to defeat deceptions .
- Mitigate personnel vulnerabilities with security awareness .
- Measure their organization’s preparedness for attacks.
- People who want to learn how hackers hack into secure systems that do not have any vulnerabilities
- People who want to learn ethical hacking / social engineering
- Anybody who wants to learn how to secure their systems from social engineering attacks
- Introduction to Social Engineering .
- Evaluating the organizational risks :
-Assessing social engineering threats .
-Analyzing classic case studies .
-Thinking like a social engineer :
- Considering attack frameworks .
- Reviewing the methods of manipulation.
- phishing- Vishing- Smishing- Impersonation-Defences.
- Examining legal issues and social concerns .
- Gathering Information and Intelligence .
- Identifying information sources :
- Gathering information passively and actively.
- Leveraging social media .
- Exploiting Google hacking.
- Collecting target information :
- Ripping information from sites with the Harvester .
- Dumpster diving for secrets and intelligence .
- Profiling users for weaknesses.
- Minimizing information leaks :
- Securing information leaks .
- Implementing secure disposal policies .
- Pinpointing reconnaissance probes .
- Identifying Communication Models .
- Profiling an information architecture :
- Implementing the Berlo communication model
- Source .
- Message .
- Channel .
- Receiver .
- Determining communication weaknesses .
- Addressing communication flaws
- Verifying the sources.
- Securing the information channel .
- Assessing Elicitation Methods .
- Drawing out information .
- Soliciting information.
- Interview techniques .
- Identifying elicitation tactics and goals .
- Mitigating information leaks :
- Maintaining situational awareness .
- Implementing scripted responses .
- Gaining Physical Access .
- Circumventing physical security :
- Identifying weak types of locks .
- Bypassing electronic access controls.
-Securing the environment:
- Implementing high securi.ty locks .
- Preventing lock bumping.
- Impersonating Authorized Personnel .
- Gaining access with a disguise :
- Identifying spoofing techniques .
- Discovering change blindness deception .
- Assessing Internet impersonation techniques.
- Defending against impersonation and forgery:
- Implementing techniques to verify identity .
- Avoiding skimmers and hidden technology threats .
- Employing Psychology for Persuasion .
- Examining human weaknesses :
- Leveraging Cialdini’s motivation factors.
- Identifying mind lessness dangers .
- Exploring commitment and consistency vulnerability.
- Compelling behavior :
- Exploiting social proofing .
- Taking advantage of implied authority.
- Demanding action with "quid pro quo".
- Bolstering resistance to persuasion :
- Adhering to policy and rules .
- Recognizing risky situations .
- Learning to interpret and then recognize .
- Implementing Management Countermeasures .
- Assessing social engineering vulnerabilities :
- Conducting a penetration test .
- Creating a scope of work.
- Mitigating legal issues and embarrassment .
- Creating comprehensive policies :
- Establishing verification policies .
- Regulating the use of social networks .
- Delivering effective security awareness training.
- Social Engineering Training: Deceptions and Defenses Delivery Methods :
- Before/After-course instructor coaching benefit.
- Practical exercises.
- End-of-course evaluation included .