Courses Details
Course Overview
The 3-days training program enables participants to understand how to prevent data breaches and better protect their organization from social engineers by understanding their motivations and methods. In this training course, you learn how to secure and mitigate information leaks, implement techniques to verify identity, establish strict verification policies, and create social engineering protection against attacks that threaten organizational security. 
Course Schedule
Target Audience
  • Staff or consultant penetration testers looking to increase their test breadth and effectiveness
  • Security defenders looking to enhance their understanding of attack techniques to improve their defenses
  • Staff responsible for security awareness and education campaigns who want to understand how cyber criminals persuade their way through their defenses
Course Objectives
The Key Learning Outcomes are:
Defend against social engineering deceptions that threaten organizational security
Plan and evaluate security assessments for human weaknesses
Promote vigilance and implement procedures to defeat deceptions
Mitigate personnel vulnerabilities with security awareness
Measure your organization’s preparedness for attacks
Course Prerequisites
No special prerequisites
Expected Accomplishments
This course will provide the target audience a better understanding of social engineering, the common tricks and risks/vulnerabilities associated. After learning the "attack" side of social engineering, participants will be equipped with the knowledge to play on "defence," to learn how to prevent and manage incidents that could also occur

The benefits for the target audience are enumerated here under :-

Understand the whys and hows of the social engineering process—and how to make the best use of it.
Gain savvy knowledge and apply it practically to prevent data breaches within the organization.
Set priorities and manage better organizational security and protection.
Implement best-in-class techniques to verify identity of information breaches or leaks.
Establish strict verification policies.
Imbibing knowledge pertaining to creation of social engineering protection mechanisms against attacks that cause organizational security     threats

Course Outline

Introduction to Social Engineering
Evaluating the organizational risks
Assessing social engineering threats
Analyzing classic case studies
Thinking like a social engineer
Considering attack frameworks
Reviewing the methods of manipulation
Examining legal issues and social concerns

Gathering Information and Intelligence
Identifying information sources
Gathering information passively and actively
Leveraging social media
Exploiting Google hacking
Collecting target information
Ripping information from sites with the Harvester
Dumpster diving for secrets and intelligence
Profiling users for weaknesses
Minimizing information leaks
Securing information leaks
Implementing secure disposal policies
Pinpointing reconnaissance probe

Identifying Communication Models
Profiling an information architecture
Implementing the Berlo communication model
Determining communication weaknesses
Addressing communication flaws
Verifying the source
Securing the information channel

Assessing Elicitation Methods
Drawing out information
Soliciting information
Interview techniques
Identifying elicitation tactics and goals
Mitigating information leaks
Maintaining situational awareness
Implementing scripted responses

Gaining Physical Access
Circumventing physical security
Identifying weak types of locks
Bypassing electronic access controls
Securing the environment
Implementing high security locks, Preventing lock bumping, 

Impersonating Authorized Personnel
Gaining access with a disguise
Identifying spoofing techniques
Discovering change blindness deception
Assessing Internet impersonation techniques

Employing Psychology for Persuasion
Examining human weaknesses
Leveraging Cialdini’s motivation factors
Identifying mindlessness dangers
Exploring commitment and consistency vulnerability
Compelling behavior
Exploiting social proofing
Taking advantage of implied authority
Demanding action with "quid pro quo"
Bolstering resistance to persuasion
Adhering to policy and rules
Recognizing risky situations
Learning to interpret and then recognize

Implementing Management Countermeasures
Assessing social engineering vulnerabilities
Conducting a penetration test
Creating a scope of work
Mitigating legal issues and embarrassment
Creating comprehensive policies
Establishing verification policies
Regulating the use of social networks
Delivering effective security awareness training