Short description

The threats facing companies and organizations when it comes to the security of their information have changed completely in the last few decades. On the one hand, this is due to the complexity and natural dynamics of IT infrastructures, which have turned operating a company securely into a big challenge.

On the other hand, it has to do with sophisticated attacks that do much more than take advantage of technical loopholes. Modern attacks increasingly also make use of organizational weaknesses, including aspects of both physical security and human behavior. Instead of automated exploits, employees are now becoming the more significant area of focus for the attacker.

Because of the variety of attacks occurring, firms are now concentrating on protecting themselves from the danger that emanates from Social Engineering (SE).

During this seminar, we will immerse ourselves in the world of Social Engineering and learn to recognize and understand its methods, tools and tricks.


The exercises will be done on www.hacking-lab.com. After the course, the lab environment remains available to the participants for a further 30 days.


Learning objectives

The participants will be capable of assessing a company’s level of security, judging the vulnerability of the business, and drawing up and introducing organizational as well as technical countermeasures against SE attacks.

They will learn and have at their disposal a comprehensive collection of instruments and skills which will support them in

  • assessing the company’s security level with regard to Social Engineering attacks,
  • improving security awareness in the company,
  • defending oneself and the company against social engineering attacks,
  • drafting and introducing technical and organizational countermeasures.


Highlights

Introduction

  • What is Social Engineering?
  • Current situation (trends/future)
  • Phishing
  • SMShing
  • Vishing
  • Baiting
  • Impersonation
  • Dumpster Diving
  • Elicitation/Influence/Manipulation
  • Tools (Software, Hardware)


Penetration testing methodology for social engineering 

  • Information gathering
  • Fingerprinting a company/person
  • Open Source Intelligence (Maltego/Google Dorks/Impersonation/Others)


Pretext Development

  • Modeling attacks based on collected information
  • Elicitation techniques
  • Manipulation techniques


Planning of attacks

  • Organizational precautions
  • Chronological planning based on current statistics


Reporting

  • What information is included in a good report?
  • How will this information be presented?


Awareness

  • How will the employees be sensitized to Social Engineering attacks?
  • How will an effective awareness campaign be structured?


Measures

  • Technical countermeasures
  • Organizational countermeasures 


Target group

  • CISOs
  • Security Officers
  • Penetration Testers
  • Auditors
  • Persons interested in Social Engineering


Prerequisites

  • IT Security Basics
  • OSINT knowledge advantageous
  • Programming knowledge not necessary
