Expected Accomplishments
This course will give the target audience a better understanding of social engineering, the common tricks used, and the risks and vulnerabilities associated with it. After learning the "attack" side of social engineering, participants will be equipped to play "defence," and will learn how to prevent and manage the incidents that may occur.
The benefits for the target audience are listed here under:
Understand the whys and hows of the social engineering process, and how to make the best use of that understanding.
Gain practical knowledge and apply it to prevent data breaches within the organization.
Set priorities and better manage organizational security and protection.
Implement best-in-class techniques for verifying identity and handling information breaches or leaks.
Establish strict verification policies.
Acquire the knowledge needed to create protection mechanisms against the social engineering attacks that threaten organizational security.
Course Outline
DAY 1
Introduction to Social Engineering
Evaluating the organizational risks
Assessing social engineering threats
Analyzing classic case studies
Thinking like a social engineer
Considering attack frameworks
Reviewing the methods of manipulation
Examining legal issues and social concerns
Gathering Information and Intelligence
Identifying information sources
Gathering information passively and actively
Leveraging social media
Exploiting Google hacking
Collecting target information
Ripping information from sites with theHarvester
Dumpster diving for secrets and intelligence
Profiling users for weaknesses
Minimizing information leaks
Securing against information leaks
Implementing secure disposal policies
Pinpointing reconnaissance probes
DAY 2
Identifying Communication Models
Profiling an information architecture
Implementing the Berlo communication model (Source, Message, Channel, Receiver)
Determining communication weaknesses
Addressing communication flaws
Verifying the source
Securing the information channel
Assessing Elicitation Methods
Drawing out information
Soliciting information
Interview techniques
Identifying elicitation tactics and goals
Mitigating information leaks
Maintaining situational awareness
Implementing scripted responses
Gaining Physical Access
Circumventing physical security
Identifying weak types of locks
Bypassing electronic access controls
Securing the environment
Implementing high-security locks
Preventing lock bumping
DAY 3
Impersonating Authorized Personnel
Gaining access with a disguise
Identifying spoofing techniques
Discovering change blindness deception
Assessing Internet impersonation techniques
Employing Psychology for Persuasion
Examining human weaknesses
Leveraging Cialdini’s motivation factors
Identifying mindlessness dangers
Exploring the commitment and consistency vulnerability
Compelling behavior
Exploiting social proof
Taking advantage of implied authority
Demanding action with "quid pro quo"
Bolstering resistance to persuasion
Adhering to policy and rules
Recognizing risky situations
Learning to interpret and then recognize
Implementing Management Countermeasures
Assessing social engineering vulnerabilities
Conducting a penetration test
Creating a scope of work
Mitigating legal issues and embarrassment
Creating comprehensive policies
Establishing verification policies
Regulating the use of social networks
Delivering effective security awareness training