The Social Engineering Master Course

The Social Engineering Master Course teaches the best tactics, techniques, procedures and gives you the tools to become a thoroughly effective social engineer. This course is taught in a highly interactive manner with hours of workshops and exercises that will prepare the students for high-end social engineering engagements.

Among the many topics covered are:
  • Extracting information without asking questions
  • Techniques to build consensus and influence your target
  • Leading with calibrated questions
  • Testing whether your target will follow through with how you want them to behave
  • Building an advance spear-phishing framework in the cloud
  • Mastering Microsoft Office macros for exploitation
  • Attacking users with malicious USB sticks

Course Outcome
Students will learn up-to-date social engineering techniques for security testing purposes.
If your job includes helping employees defend themselves against social engineering, this course will shed light on the attackers’ offensive playbook(s) and teaches best-practice defence techniques that are rarely covered in security awareness courses. An entire module at the end of the class is dedicated to how to social engineer employees can effectively defeat social engineers.

Intended Audience
Penetration testers, Red Teamers, social-engineers, incident responders, malware analysts, security engineers, forensics analysts, and people whose job includes helping employees defend against social engineering will find this course highly valuable.

Instructor(s)
This course is taught by experienced Mossé Security’s instructors. Our instructors have over 10 years of experience delivering penetration testing, red teaming and incident response services for a multitude of industries that have involved complex and multi-faceted approaches. Our instructors each possess the right balance of corporate experience and are competently skilled in presenting and teaching to groups.
Beyond their technical abilities and years of professional experience, our instructors are also trained teachers and public speakers. Their manner of teaching easily conveys their passion for computer security to every one of our students.

Course Outline:

Module 1: Introduction
We begin the course with a short history of Social Engineering as it is relevant to computer security. We debunk many of the theories and concepts that many social engineers once believed to be effective but that the latest psychology research disproved. Finally, we present a modern framework for conducting social engineering that will be taught in the class.

Module 2: Social Engineering Skills
In this module, we impart the most effective social engineering techniques. Those techniques range across a multitude of areas such as elicitation, framing, pretexting, influencing, body language, mirroring, labelling, questioning, extracting information covertly, controlling the conversation, preparing a game plan, and working as a team.
This module is taught through fun workshops, exercises and roleplays. By the time this module is complete, students will gain a considerable amount of confidence in their skills to conduct face-to-face social engineering exercises against difficult targets.

Module 3: Advanced Spear Phishing
Spear-phishing is the most common social-engineering technique employed by cyber adversaries to obtain an initial foothold in computer networks over the Internet. In this module, we convey advanced spear-phishing tactics and tricks that students can employ to build an advanced spear-phishing framework, avoid detection, overcome objections and obtain remote network access onto their targets via email.
By the end of this module, students will know how to rapidly deploy spear-phishing attacks against any targets, be equipped with multiple attack payloads and pretexts that will ensure the exploitation of their targets.

Module 4: Penetration Testing Toolkit
In this module, the students will learn how to build their very own social engineering toolkit for penetration testing purposes. Many tools and techniques will be covered in depth such as: advanced office macros, attacks via USB, rapid C2 infrastructure deployment, highly effective email templates, HTML scrapping, and much more.

Module 5: Defending Against Social Engineering
The final module of this class is dedicated to discussing how penetration testers can best advise their clients on how they may defend themselves against social engineering attacks. A best-practice defense framework and metrics to measure the success of security investments will be imparted. We will also share the most effective approaches we have discovered from training thousands of employees on protecting themselves from social engineering attacks.

Enrol


Fees
  • Ticket: $2,000.00 AUD including GST.

Enrolment
No open registration programmes scheduled. Contact us to run this learning programme onsite.
Terms and Conditions
  • Payment methods are either booking online via Event Brite or contacting us for an invoice.
  • Payment is required at the time of booking.
  • Cancellation notifications after 14 days prior to course commencement date are not eligible for refund.
  • Cancellations received between 15 and 28 days prior to course commencement will be charged 50% of the course fee.
  • Students are allowed 1 reschedule per class. Transfers received between 15 – 28 days prior to course commencement will be charged a $300 (incl GST) administrative fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Transfers received 14 days or less prior to course commencement will be charged 50% of the course fee. The new session date must be given at the time of the reschedule notification and rescheduled classes must be taken within 6 months of original scheduled date.
  • Payment must be made in full prior to any rescheduling.
  • Student substitutions can be made in writing 48 hours prior to a class start.
  • If a student does not attend a scheduled session, there will be no refund or reschedule given. Payment is forfeited. Mossé Security reserves the right to cancel a course and will endeavour to provide participants with as much notice as possible. Upon cancellation, any fees already paid by the participant will be refunded.

Requirements

Software Requirement
Bring a laptop running the Windows or UNIX operating system with the OpenVPN or Tunnelblick client to connect into our training lab in the cloud.