This one day course provides a unique insight into both their own ethical social engineering assessments and malicious social engineering in the wild. Providing practical workshops, live demos to hone your attacking skills and teaching you the techniques needed to protect against social engineering attacks. Advanced Social Engineering aims to apply knowledge to a corporate scenario, giving security personnel the skills needed to implement a good level of social engineering defence within organisations.
Module 1 – Planning a Social Engineering Attack
Underlying techniques used by social engineers in the planning stages of an attack.
- Complex fraud scenarios and planning for a realistic attack Phishing / SMShing / Vishing
- Gathering credentials
- Mailbox exfiltration
- Wireless attacks and network auditing
- Dumpster diving
Module 2 – The Attack and Physical Engagement
How to get past security measures and what happens next.
- Tailgaiting, Lockpicking and RFID cloning
- Using your pretext to gain entry
- Psychology techniques, impersonation
- Planting rogue network devices
- Level of access available
- Strong considerations to ethics and professionalism to avoid disruption
- Dealing with negative situations and reputational damage
Module 3 – Defence: what can an organisation do to defend against this?
- Practical tips and advice on implementation.
- A look to more advanced features of attacks, reducing focus on metrics and statistics.
- We share what we have learnt so you can protect your organisation against physical attacks
Module 4 – Looking Ahead
- 2020 Trends in social engineering and how the attacks will vary in the future