TRS0921

Ladda ner som PDF

Social engineering, the human side of security

Learn how attackers targets your users and what you can do about it.

To improve your organizations resilience against social engineering you must first understand the anatomyof social engineering attacks.

This social engineering class is developed by leading experts at Truesec who not only investigate real social engineering attacks, but also perform social engineering attacks themselves in assessments and red team engagements.

A unique hands-on lab for IT managers and security professionals that covers all vectors of socialengineering attacks. 
Learn how to run a phishing campaign to train your users and how to investigate a suspected phishing attack.
Besides phishing, this course covers CEO scams, vishing (phone calls), malware delivery, physical intrusions and many other social engineering vectors. 

This two day class wraps up with a guest lecture about frameworks and methodologies to increase 
user awareness and maximize results of user training.

Målgrupp

IT security professionals, CISOs, CSOs

Förkunskaper

- Basic understanding of IT 
- Preferably a technical background or technical role

Nivå:
200-300

Målsättning:

- Understand how attackers think and different social engineering vectors
- Understanding of fundamental psychological principles 
- Practical use of tools to create phishing campaigns to test your organization
- Learn how to investigate phishing and social engineering attacks 
- Recommended approaches to create awareness and training programs


Material:
Virtual machines 
Windows 10:
- Office suite 
- Social engineering tools 
Office 365 tenant to simulate and investigate phishing attacks 


Detaljerad beskrivning
Day 1:
- Introduction to social engineering
- Demo
o Spear-phishing 
o MFA bypass
- Recon
o Open sources 
o Human sources
o Technical recon 
- Phishing 
o Sender mailbox
o Landing pages
o Post-breach: Fowarding rules, internal phishing, mailbox dumping, etc
- Challenge
o Create a phishing campaign with GoPhish 
o Dump mailboxes and create forward rules 
o Investigate each other’s campaigns 
Day 2: 
- Psychological principles, criminology and manipulation
- Vishing 
o Demo: Caller ID spoofing
- Physical intrusions
o Challenge: Lockpicking 
- Malware 
o Demo: Reverse shell with an Office macro 
o Bypassing link-scanning 
o Delivery methods 
- Cyber training programs
- Cyber awareness programs

 

 
Nivå:
200-300

Målsättning:

- Understand how attackers think and different social engineering vectors
- Understanding of fundamental psychological principles 
- Practical use of tools to create phishing campaigns to test your organization
- Learn how to investigate phishing and social engineering attacks 
- Recommended approaches to create awareness and training programs


Material:
Virtual machines 
Windows 10:
- Office suite 
- Social engineering tools 
Office 365 tenant to simulate and investigate phishing attacks 


Detaljerad beskrivning
Day 1:
- Introduction to social engineering
- Demo
o Spear-phishing 
o MFA bypass
- Recon
o Open sources 
o Human sources
o Technical recon 
- Phishing 
o Sender mailbox
o Landing pages
o Post-breach: Fowarding rules, internal phishing, mailbox dumping, etc
- Challenge
o Create a phishing campaign with GoPhish 
o Dump mailboxes and create forward rules 
o Investigate each other’s campaigns 
Day 2: 
- Psychological principles, criminology and manipulation
- Vishing 
o Demo: Caller ID spoofing
- Physical intrusions
o Challenge: Lockpicking 
- Malware 
o Demo: Reverse shell with an Office macro 
o Bypassing link-scanning 
o Delivery methods 
- Cyber training programs
- Cyber awareness programs

 

 

Utbildningen levereras i samarbete med

Kursfakta

Kurs-ID: TRS0921
Längd: 2 dag
Pris exkl moms: 16 950 kr
Kan betalas med:
TRAINING CARD

Avtalsrabatter och kampanjer kan ej nyttjas på denna kurs.


Lämna dina kontaktuppgifter om du önskar en företagsintern utbildning.

Tipsa