Performing Social Engineering

Practice Labs Module
Time: 57 minutes
Difficulty: Intermediate

Welcome to the Performing Social Engineering Practice Lab. In this module, you will be provided with the instructions and devices needed to develop your hands-on skills.

Overview

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Discuss Social Engineering
  • Exercise 2 - Using the Social-Engineer Toolkit (SET)

After completing this lab, you will be able to:

  • Know the Basic Components of Social Engineering
  • Know the Motivation Techniques
  • Know Phishing and its Types
  • Know Hoax, Baiting, Shoulder Surfing, Tailgating, and Piggybacking
  • Create a Malicious Payload
  • Copy the File to the User’s System
  • Download the Payload
  • Execute the Payload
  • Collect Evidence of Compromise on the User’s System

Exam Objectives

The following exam objectives are covered in this lab:

  • PT0-001: 3.1 Compare and contrast social engineering attacks
  • PT0-001: 4.2 Compare and contrast various use cases of tools

Lab Duration

It will take approximately 1 hour to complete this lab.

Exercise 1 - Discuss Social Engineering

Social engineering is the art of manipulating and exploiting human behavior to conduct a security breach. The victim, who is being used as the subject of the breach, does not realize that he or she is being used. Users are considered to be the weakest link in the security chain and are easy to exploit. The attacker can use various methods, such as sending an email or redirecting the user to a malicious webpage, but the intent of each method is the same: to obtain sensitive and confidential information for a security breach.

In social engineering, the attacker psychologically manipulates and misdirects the victim to obtain the desired information.

Social engineering can be performed in various ways:

  • Over the telephone
  • In-person
  • Performing a task on a system

Social engineering can be considered the basis of almost all types of passive information-gathering techniques. The outcomes of social engineering can be devastating. With a single user in an organization as the target, the attacker can breach the entire network. It is just a matter of getting inside the network using the information provided by the user.

Various types of users can be the target of social engineering. Some of the common targets are:

  • Receptionist
  • IT Helpdesk
  • HR department
  • Top management

In this exercise, you will learn about social engineering.

Learning Outcomes

After completing this exercise, you will be able to:

  • Know the Basic Components of Social Engineering
  • Know the Motivation Techniques
  • Know Phishing and its Types
  • Know Hoax, Baiting, Shoulder Surfing, Tailgating, and Piggybacking

Exercise 2 - Using the Social-Engineer Toolkit (SET)

The Social-Engineer Toolkit (SET) is an open-source, Python-based toolkit that you can use to perform social engineering attacks. SET is part of Kali Linux. Using SET, you can perform various attacks, such as email phishing or web-based attacks.

In this exercise, you will learn about using SET.

Learning Outcomes

After completing this exercise, you will be able to:

  • Create a Malicious Payload
  • Copy the File to the User’s System
  • Download the Payload
  • Execute the Payload
  • Collect Evidence of Compromise on the User’s System