SANS: Social Engineering for Pen Testers
Social Engineering for Penetration Testers provides the blend of knowledge required to add social engineering skills to your penetration testing portfolio. Successful social engineering utilizes psychological principles and technical techniques to measure your success and manage the risk. This session covers the principles of persuasion and the psychology foundations required to craft effective attacks and bolsters this with many examples of what works from both cyber criminals and the authors experience in engagements. On top of these principles we provide a number of tools (produced in our engagements over the years and now available in the course) and also labs centered around the key technical skills required to measure your social engineering success and report it to your company or client.
You'll learn how to perform recon on targets using a wide variety of sites and tools, create and track phishing campaigns, and develop media payloads that effectively demonstrate compromise scenarios. You'll also learn how to conduct pretexting exercises, and we wrap the course with a fun "Capture the Human" exercise to put what you've learned into practice. This is the perfect course to open up new attack possibilities, to better understand the human vulnerability in attacks and to let you practice snares that have proven themselves in tests time and time again.
There are a few items and pieces of software that you will need to navigate the course successfully:
• A pair of headphones
• A copy of VMWare (Player, Workstation or Fusion are all fine)
• A Windows host (or a Windows VM)
• 15GB of hard drive space
• USB 3.0 Port(s)
• 4 GB of RAM (8GB recommended)
• The ability to connect to the Internet via a wired or wireless connection.