Seats Available: n/a
Due to unforseen circumstances, Opposing Force has canceled this training course. Matteo Beccaro will still be speaking in the main conference.
Overview
Offensive Social Engineering is a two-day training course focused on advanced social engineering techniques. Social Engineering is discussed in both theory and practice: starting from the history of the discipline, the students are introduced to the basic psychological principles abused during Social Engineering attacks; the inner workings of the so-called Human OS are then detailed, thus providing the class a clear understanding of theoretical concepts that can be adopted during the practical design of attack scenarios. Finally, an agile and highly practical SE methodology is provided together with a series of real-world cases studies “dissection” sessions, which are used to better understand the key aspects of successful SE attacks.
What students will get:
The students will be provided with course slides in PDF format, tools for the in-class exercises and a subsidiary with extra notes concerning the discussed case studies.
Prerequisite Knowledge:
No prior knowledge on the topic is required.
Target Audience:
The course is design for security professionals and enthusiast interested in attack methods employed by malicious social engineers, and can be useful for performing ethical SE penetration tests or to increase attendees’ awareness.
Syllabus:
Module 01 – Introducing Social Engineering
1.1 What is Social Engineering: multiple definitions
1.2 Understanding the roles of human security in a cyber-digital world
Module 02 – The Chronicles of Social Engineering
2.1 The History of Social Engineering Attacks
2.2 Modern Social Engineering
Module 03 – Hacking the Human OS
3.1 Human OS Architecture and Inner Workings
3.2 Mapping the Human OS Attack Surface
3.3 Psychological Principles Abuse Behind Social Engineering Attacks
Module 04 – Social Engineering in Theory and Practice
4.1 Introducing the Social Engineering Framework
4.2 Social Engineering in OSSTMM and CAPEC
4.3 Social Engineering Methodology
4.3.1 “War is 90% information” or collecting information for SE attacks
4.3.1.1 Advance remote information gathering & OSINT
4.3.1.2 On-site information gathering
4.3.2 Creating Attack Scenarios
4.3.3 Staging Attack Scenarios
4.3.4 Attack Execution
4.3.4.1 Remote Social Engineering
4.3.4.2 Physical Social Engineering and building intrusion
Module 05 – Lost in Deception: Case Studies & Final Considerations
Our website: http://www.opposingforce.it