The access to this course is restricted to eForensics Premium or IT Pack Premium Subscription
- An introduction to social engineering that's practical and down-to-earth, with just enough theory to get you going and lots of practical examples
- A comprehensive look at all aspects of social engineering, from psychology to useful software.
- Practical challenges that will thoroughly test your skills but will still be fun and creative
- An introduction to a multitude of social engineering techniques, so your practice can be flexible and you can stay prepared for every situation;
- An overview of many social engineering tools along with tutorials and exercises, so that after the course you have a large portfolio to choose the best instruments for your socialengineering efforts;
- Self-paced study program
Module 1: Excuse-me sir, could you give me your password?
- Introduction To Social Engineering
- Defining Social Engineering
- Social Engineering Life Cycle
- Introduction to Influence & Manipulation
- Introduction to Influence Aspects of Social Engineering
- Introduction to Personality Types
- Digital Profiling: Creating our Initial Repository with Dradis Framework
- Assignments: Social Engineering goes to Gotham
Finishing module I the student will be able to know the principles of social engineering, how it can interact more effectively with their target, how to create rapport and how to think like a social engineering about the engagements.
Module 2: I know what you did last summer
- Introduction to Digital Information Gathering
- Introduction to OSINT – Open Source Intelligence
- OSINT Frameworks & Tools
- Shodan – The First Search Engine for Internet of Things
- Scythe Framework
- Recon-NG Framework
- SpiderFoot: Open Source Intelligence Automation
- Paterva Maltego
- FOCA: Target Information Gathering with Metadata
- Google Hacking – Using Google Dorks
- Introduction to Cold Calling
- Demonstration of Spoofcard App on Android – Video
- Module II Assignments: Recon-ng practice, Zeus Botnet Practice, Dradis Practice
Finishing module II the student will be able to collect huge amounts of digital data about their victim, how to search valuable information using open source repositories, how to install and use these tools together and how to prepare itself to create a new SE engagement using phone calling.
Module 3: The Heist
- Morning Catch – Client Side Attacks Laboratory
- The Social Engineer Toolkit (SET)
- Spear Phishing Attack Vectors
- Web Attack Vectors – Java Applet Attack Method
- Web Attack Vectors – Metasploit Browser Exploit Method
- Web Attack Vectors – Credential Harvester Attack Method
- Simple Phishing Toolkit
- Phishing Frenzy
- Creating a Phishing Campaign
- Credential Harvesting Template Creation
- Email Enumeration within Phishing-Frenzy
- Powershell Attack Vectors – Video
- Social Engineering Ninja V0.4
- Week 3 Assignments: BeEF Practice, Phishing Frenzy Practice, Morning Catch Practice
Finishing module III the student will know how to install, use and obtain profit of a huge amount of tools to attack their target. I will show how to integrate many tools that come with Kali Linux and other ones. At this module the student will know how to look for online information and how to create a attack scenario.
Module 4: Scavenging and Looting
- Hidden Camera Gears
- GPS Trackers
- Introduction to lockpicking
- Hidden Audio Recorders
- Hardware Keyloggers
- Hak5 Stuff
- Final Test
Finishing module IV the student will know how to use the access that he obtain using social engineering to collect information. Ambient Sound recording, enabling remote webcam, copying information outside the corporate network.
Anderson Tamborim is an Information Security Specialist with more than 12 years of experience in the field. He possesses huge expertise in Penetration Testing on corporate environment, developing advanced techniques to bypass security devices like IDS/IPS, firewalls, content filters and endpoint security systems (antivirus, antimalware, hids, etc.). Today Anderson works as a Security Researcher and Lead Penetration Testing at NextLayer Security Solutions.