Our Social Engineering training course gives an insight into the vulnerabilities that the ‘human factor’ exposes businesses to.
Social Engineering exploits human weakness and constitutes one of the highest threats to organisations today, as attackers are able to use deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Social engineering remains one of the most effective means of attacking organisations of all sizes. Attackers are becoming more sophisticated and are using a multitude of attack vectors. Not only are they relying on technical means of attack, but they are also exploiting human behaviour to gain information.
Your staff need to be able to identify and defend against attempted attacks, both in the workplace and whilst away using corporate IT equipment.
Course attendees will learn about:
The Threat - You will gain an understanding of the techniques used by social engineers in the planning stages of an attack. We introduce you to key social engineering concepts, the goals of social engineering, and warn you about the tools attackers use to gain intelligence on your organisation. You will see real-time interactive demonstrations centred around the most popular and scalable forms of social engineering.
The Attack – You will explore and engage in the social engineering attacks used by the attackers and will learn how exposed you and your organisation may be to this common, everyday and significant threat. This interactive training balances practical lectures and discussions to understand the ‘Social Engineering Attack Cycle’, with multiple interesting exercises and demonstrations that highlight weaknesses within organisations; weaknesses from employees which result in information security breaches.
Defend, Prevent, Deter – Social Engineering remains a high threat to organisations regarding information security breaches. You will explore the options available, and the controls needed to minimise risk and diminish the threat to your organisation. This will culminate in an interactive War Gaming session, where you will formulate a plan of defence to take back to your organisation and use immediately. You will see what works, and what doesn't, and how to report on it to help the organisation improve its defences and increase your snare rate. The course will equip you to deal with some of the ethical and risk challenges associated with social engineering engagements, understanding human behaviour, and how to defend against it.
Social Engineering Fundamentals
The Reconnaissance Phase (Open Source Intelligence) OSINT Tools
• Google Alerts
• Google Dorks
• theHarvester
• Have I Been Pwned
Cyber Kill Chain
The art of Phishing (don’t get hooked!) - Technical Phishing Tools
• Phishing (SET, ngrok)
• Spear Phishing
• Whale Phishing
Spoofing Email – Demonstrations (Interactive)
The art of Phishing - Phishing – (Physical) (Interactive)
• Listening Devices and Bugs
• USB Drop (Ducky USB)
• Dumpster diving
• Shoulder Surfing
• Lock Picking
• Mobile phone recording
The art of Phishing – (Telephone) Telephone Phishing
Finding your organisation's leaked credentials and the dark web Credential Harvesting demonstrations
• Have I Been Pwned
• Username and password harvesting
• Password Re-use
• Password cracking
• Hashing/Cracking Hash
• Dictionary/Brute Forcing
Network (Packet) Sniffing – Open Networks (coffee shops etc.) Network Tools
• NetworkMiner
Mobile Device Exploitation – (Hacking Mobile Devices)
• Mobile Phone
• Probe Requests
• Fake AP/SSID/Rogue Access Point
• Rogue Network Devices
• Fake Iframe/Portal – Username and Password Capture
• De-authing Clients
• Untrusted APK (Gaining remote access to mobile phone - data, SMS, camera, photos etc.)
• Session Hijacking/Cookie Stealing
Vulnerability Assessing Your Systems
• VirusTotal
• Malware Testing
Educating the workforce What can an organisation do to defend itself?
Practical tips and advice on implementation
Incident/Breach Management Containment, Isolation and Managing Incidents
War Gaming Scenario Team exercise and presentation
Final Questions, Discussion
Networking and Close