Description
Social Engineering is a way to exploit people before systems. And since people are considered the weakest link in the security chain, the bulk majority of successful hacking incidents against not only businesses, but also governments, are done using social engineering strategies. This course covers the basic psychology behind social engineering along with the tactics, techniques, and tricks employed for a successful social engineering attack. The student will learn how to develop their own custom Trojan that evades Antivirus, and how to hide it inside a Microsoft Word document which will be sent through phishing emails. Moreover, students will learn how to track and measure the improvement of user’s security awareness by applying those social engineering strategies. The student will get chance to work with sophistical social engineering tools.
Outline
Part 1: Introduction to Social Engineering
- Trust and Human Psychology.
- Goals of Social Engineering.
- Real-Life Incidents.
Part 2: Information Gathering
- Email and Phone Harvesting.
- Social Networks Search.
- Profiling and Targeting.
Part 3: Creating Custom Malware
- Trojan Development.
- Evading Antivirus.
- Microsoft Office Macros.
Part 4: Social Engineering Tricks
- Phishing Campaigns
- Fake Website Clones.
- USB Access.
- Physical Access.
Part 5: Measuring User Awareness
- Systematic SE Program.
- Tracking User Mistakes.
- Responding with Training.