Presented By: Dominique C. Brack
This is the first time Social Engineering Engagement Framework (SEEF) author offers an in-person public workshop. Normally the workshops and briefings are closed-group private enterprise or Government only workshops. Profit from first-hand knowledge and experience of a social engineering and information security professional with 20 years of experience. What you will learn: Tools and techniques to plan, execute and manage social engineering engagements. What can and will be used against you, your employees and your organization. This training will provide the skills to detect, defend and assess social engineering attacks and the associates risk with it. You will learn the motivations and methods used by social engineers enabling you to better protect yourself and your organization.
The 2 day course will take place on the 12th & 13th September 2017 at etc venues The Hatton.
Cost is £ 1,300.00 (inc VAT). Buy your place in our shop now.
You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometric access control, but they will not protect you from social engineering attacks. This 2-day course will provide you with the skills to detect, defend and assess social engineering attacks. You will learn the motivations and methods used by social engineers enabling you to better protect yourself and your organization.
This is not a technical course; no technical prerequisites are required. Some tools might be used in the course for achieving a purpose but there will no programming skills necessary. You will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.
Social Engineering is an area filled with ethical challenges, risks and legal landmines and I will do my best to share my experiences in this course. So participants can reap the benefits of my experiences without falling into the pitfalls I have over the years.
1. Social Engineering Economy – Introduction to Social Engineering
- Assessing the social engineering threats
- The evolution of social engineering
- Thinking like a social engineer
- Why social engineering works? The principles on which social engineering is based
- The legal and ethical aspects of social engineering
2. The Social Engineering Engagement Framework (SEEF) – Advanced Techniques and Methods Social engineering engagement management – how to execute SE engagements/ tests
- Governance, Risk and Compliance including “++”
- Approach Selection Method (ASM) – selecting the most effective and efficient approach
- Attack Vector Development (AVD) – developing the most effective attack vectors
- The psychology of social engineering – interposal distance, zones of approach, rapport building etc.
3. Social Engineering Prevention and Defence
- Identify countermeasures against social engineering attacks
- Phishing attacks – is it worth to run phishing exercises?
- Defend against social engineering deceptions that threaten organizational security
- Plan and evaluate security assessments
- Promote vigilance and implement procedures to defeat deceptions
4. Exercises and practical application – Tools used by Social Engineers
- Identifying interview techniques that elicit private information
- Leveraging authority as a manipulation tool
- Conducting information collection: i.e. dumpster dive to gather intelligence
- Gathering Information and Intelligence Identifying information sources
- OSINT tools
Professionals, Organisations and Governments. Individuals who have a professional interest in social engineering. Functions or roles requiring social engineering knowledge either for active use or for building protection against social engineering attacks. CISO’s, Managers, Consultants, Developers, Hackers, Intelligence Org., Red Teams, Pentesters, Psychologists, Defence, Strategists, Tacticians, CxO’s etc.
None specific. Willing to learn and apply new things. A technical background is not necessary. Decision-maker, penetration tester, or hacking enthusiast, this training will be an excellent addition to your professional curriculum.
What to Bring
Laptop and note paper.
About the Trainer
Dominique C. Brack is a recognized expert in information security, including identity theft, social media exposure, data breach, cyber security, human manipulation and online reputation management. He is a highly qualified, top-performing professional with outstanding experience and achievements within key IT security, risk and project management roles confirming expertise in delivering innovative, customer-responsive projects and services in highly sensitive environments on an international scale. Dominique is accessible, real, professional, and provides topical, timely and cutting edge information. Dominique’s direct and to-the-point tone of voice can be counted on to capture attention, and – most importantly – inspire and empower action.
Last year’s conference appearances:
• AREA41 (DEFCON Switzerland), Zürich June 2016 https://area41.io/
• Hack In Paris, Paris July 2016 https://hackinparis.com/
• ISC2 EMEA Security Congress, Dublin October 2016 http://emeacongress.isc2.org/
• DeepSec 2016 Austria, Vienna November 2016 https://www.deepsec.net/