Video Description

In this lesson, Subject Matter Expert Dean Pompilio presents an introduction to Social Engineering (SE). He begins by defining SE as the art – and science – of getting information from people, having them carry out activities, and getting them to disclose sensitive information through manipulation. Although penetration testing is a prime use of SE, there are other uses for it such as hacking and market research. SE is performed over a longer time scale than traditional penetration testing – generally, over weeks or months because of the research and preparation that is involved. One of the fundamental problems in successful SE is the human problem – because humans are always the weakest links in any security program. In this course you will learn:

  • How to use various social engineering techniques and tools

  • Proven ways to communicate

  • How experience will reinforce methodology

The course includes lectures, labs, and demonstrations on tools (such as Kali Linux, Social Engineering Toolkit (SET), Cupp, Dradis, Creepy, and Recon-NG Framework) that can aid you in the SE process. Other tools – such as voice, use of the phone, and personal appearance – that are used for persuasion are also discussed. You will learn about:

  • Exploitation Lifecycle – the general five steps of hacking

  • Where SE fits in the exploitation lifecycle

  • Digital information gathering

  • Targeting

  • Digital profile reduction

SME Dean Pompilio discusses the following aspects of the psychology of SE that a Social Engineer needs to master to manipulate targets:

  • elicitation – the exercise of "teasing" information out of someone

  • framing – building a frame around the subject you are discussing

  • pretexting – devising a story or excuse to get a target to be receptive

  • cold calling – getting someone to give you info while being helpful

Other subjects discussed by SME Dean Pompilio are:

  • Bypassing physical security with SE techniques

  • The fact that technology cannot solve the problem

  • Post exploitation

  • Digital evasion

Course Modules