
Understanding social engineering means understanding human psychology. Attackers know people are naturally inclined to trust authority figures, whether they claim to be a manager, IT support, or even the police. Fear is another powerful motivator, threats such as “your account will be locked” or “legal action will be taken” trigger panic and fast reactions. Curiosity is often exploited through clickbait style traps: messages promising to reveal private photos or profile views. Reciprocity plays a role too; if someone gives a gift or reward, people often feel obliged to respond. Finally, social proof is leveraged, if “everyone else is doing it,” we’re more likely to follow. This section highlights how these psychological triggers are used not in isolation, but in combination, making them harder to resist. By being aware of how our minds can be manipulated, we strengthen our ability to pause, think, and resist manipulation.
This page highlights the most common types of social engineering attacks, each designed to exploit human behaviour rather than technical flaws. Phishing remains the most widespread, with attackers creating emails that appear to come from trusted sources. Vishing takes the scam to the phone, while Smishing adapts it for text messages. Pretexting involves an attacker inventing a believable scenario, often impersonating IT or banking staff, to gain trust. Baiting plays on curiosity, leaving infected USBs or files where someone is tempted to pick them up. Each method may seem simple, yet all have the power to compromise individuals and entire organisations. The key lesson is clear: attackers use whatever communication channel people trust most. By recognising the hallmarks of each technique, staff can remain alert and avoid falling for tricks. The defence against these attacks starts with knowing how they are deployed in the first place.
Spotting social engineering relies on noticing subtle red flags. Urgency is one of the most common traps: messages demanding immediate action or threatening consequences are almost always suspicious. Another warning sign is when someone requests sensitive information, no legitimate organisation will ever ask for passwords or two factor codes by email, call, or text. Unexpected links or attachments are another danger, even when they appear to come from a trusted contact. Attackers also rely on fake authority, posing as managers, IT staff, or even law enforcement to pressure quick decisions. Poor spelling, unusual grammar, or generic greetings such as “Dear User” should immediately raise suspicion. This page underlines the importance of pausing before responding, clicking, or sharing. By recognising these patterns and taking a moment to verify requests, individuals can protect themselves and their organisation. Awareness of these common signs is the best first line of defence.
Understanding social engineering means understanding human psychology. Attackers know people are naturally inclined to trust authority figures, whether they claim to be a manager, IT support, or even the police. Fear is another powerful motivator, threats such as “your account will be locked” or “legal action will be taken” trigger panic and fast reactions. Curiosity is often exploited through clickbait style traps: messages promising to reveal private photos or profile views. Reciprocity plays a role too; if someone gives a gift or reward, people often feel obliged to respond. Finally, social proof is leveraged, if “everyone else is doing it,” we’re more likely to follow. This section highlights how these psychological triggers are used not in isolation, but in combination, making them harder to resist. By being aware of how our minds can be manipulated, we strengthen our ability to pause, think, and resist manipulation.
Defending against social engineering begins with simple but powerful habits. Always verify unexpected requests through trusted channels before taking action, especially when money, access, or sensitive data is involved. Treat unsolicited links, attachments, and USB devices with extreme caution, as these are common attack vectors. Oversharing on social media is another risk, since criminals collect personal details to make their attacks more convincing. Multi-factor authentication (MFA) should be enabled wherever possible; it adds an extra barrier beyond just passwords, significantly reducing the risk of compromise. Finally, prompt reporting of suspicious messages, calls, or encounters is essential. Early reporting not only protects the individual but also prevents attacks from spreading within an organisation. This page emphasises that defending yourself does not always require advanced technical knowledge, it requires vigilance, scepticism, and a willingness to follow security best practices every day.
To understand social engineering, it helps to know the tools attackers use. Gophish allows realistic phishing simulations, testing how easily people fall for fake emails. HiddenEye and SocialFish generate fake login pages to capture usernames and passwords. EvilURL creates deceptive lookalike web addresses, while Evilginx acts as a “man in the middle,” stealing both credentials and login tokens. The Social Engineering Toolkit (SET) is perhaps the most versatile, offering phishing campaigns, fake websites, and payload delivery options all in one. While these tools can be misused by attackers, they are also widely used by security professionals in ethical penetration testing and staff training. This page highlights the dual purpose of such software, as both weapons for criminals and teaching aids for defenders. Awareness of these tools helps individuals understand how convincing modern attacks can appear, and why caution is essential when interacting online.
The final section explores the growing role of artificial intelligence in social engineering. AI makes it easier to create realistic fake profiles, generate convincing phishing messages, and even replicate human voices for vishing scams. Deepfake technology allows attackers to impersonate colleagues, managers, or public figures with startling accuracy. The concept of anonymity is under increasing threat with facial recognition, voice synthesis, and AI driven behavioural analysis, it is harder than ever to remain unseen online. This shift presents both new risks and new responsibilities. Organisations must educate staff about these evolving dangers, while individuals must be cautious about the personal information and images they share. The message is clear: the boundary between the digital and real world is blurring. As attackers adopt advanced AI tools, awareness and vigilance must keep pace. The human element remains both the greatest target and the strongest defence against these threats.
In this walkthrough, we explore GoPhish, a free and open source phishing simulation platform used by security teams and ethical hackers. You’ll learn how to safely set up a phishing campaign in a controlled environment without putting real users at risk.
We’ll cover:
Setting up a secure sending profile using Mailtrap (a sandboxed email testing tool).
Creating realistic landing pages, such as a cloned Microsoft 365 login page, to demonstrate how attackers mimic trusted services.
Designing phishing email templates that simulate urgent or suspicious messages.
Launching a controlled campaign and monitoring results using GoPhish’s dashboard.
By the end of this session, you’ll clearly understand how phishing attacks are constructed, the psychology behind them, and most importantly how to recognise the red flags. This hands-on demo is ideal for cybersecurity learners, ethical hackers, and IT professionals who want to see phishing from the attacker’s perspective without any real world risk.
A script is essentially a set of instructions written in a language that computers can understand and execute step by step. Unlike compiled programs that need to be built before running, scripts are interpreted line by line, making them flexible, fast to adjust, and ideal for automating tasks. From saving time to reducing errors, scripts have become vital in IT, cybersecurity, and system administration. Languages such as Python, Bash, PowerShell, and JavaScript are popular because they’re accessible and widely supported. This page introduces learners to the idea that scripts are more than just code, they’re practical tools for everyday automation, data processing, and even software development. Whether managing servers, processing files, or streamlining workflows, scripting empowers professionals to eliminate repetitive tasks and focus on higher-value work. It’s the first step in understanding how automation can transform both individual productivity and organisational efficiency.
This section introduces two of the most widely used scripting environments: Bash for Linux/Unix systems and PowerShell for Windows. At their core, both allow users to interact with systems via a Command Line Interface (CLI), bypassing the need for a graphical interface. The page explores fundamental skills such as navigating directories, creating and managing files, and using variables to store and pass data. Learners are also introduced to pipes and redirection, powerful techniques that let users chain commands together and control the flow of data. Finally, conditional logic and loops are explained, showing how scripts can make decisions and repeat actions automatically. For beginners, these concepts are the building blocks of automation. By understanding them, learners can begin creating scripts that not only perform basic system tasks but also scale up to handle more complex workflows across multiple machines.
Automation is a key part of modern cybersecurity, and this page shows how scripts can enhance reconnaissance and scanning. Simple scripts can automate network discovery tasks such as ping sweeps and port scans, helping identify active hosts and open services quickly. Vulnerability assessments can also be scheduled and run through scripts, using tools like Nmap or Nessus to provide regular security checks. For web applications, scripts can automate tasks like subdomain enumeration, directory brute-forcing, or identifying the technologies behind a website. This section also highlights how workflows can combine multiple tools to gather WHOIS data, DNS records, SSL details, and even social media intelligence. Finally, the importance of parsing scan results and generating reports is covered, helping teams translate raw data into actionable insights. By automating recon, security professionals save time, increase accuracy, and maintain a consistent defence posture without relying solely on manual processes.
Starting with scripting doesn’t need to be daunting. This section provides a step-by-step guide to building a first script. Learners are encouraged to set up their environment with a suitable text editor (such as VS Code or Notepad++) and understand file permissions or execution policies depending on their system. The page walks through writing a simple “Hello World” script to demonstrate syntax and structure before moving on to making scripts executable. Testing and debugging are introduced as crucial habits, with echo or Write Host used to display values and troubleshoot errors. Best practices are also covered, including adding comments, using meaningful variable names, and organising scripts into dedicated folders. By following these guidelines, beginners learn not just how to write functional scripts, but how to develop clean, maintainable, and reliable code from the start. It builds a strong foundation for more advanced scripting challenges ahead.
Python has become the go-to language for cybersecurity, and this page explains why. Its clean syntax and readability make it beginner-friendly, even for those with no prior coding experience. More importantly, Python excels at automating repetitive security tasks, from scanning ports and parsing logs to sending web requests and analysing data. The page also highlights Python’s extensive library ecosystem, with tools like Scapy, Requests, and Socket enabling packet crafting, network analysis, and automation of common security workflows. Many widely used penetration testing and forensic tools are either built with Python or support Python scripting, making it highly relevant in the field. Learners are also encouraged to experiment with building their own tools for tasks like recon, brute-forcing, or malware analysis. By mastering Python, professionals gain a flexible skillset that translates across cybersecurity roles and provides both immediate efficiency and long-term career value.
Automation relies on the right tools, and this page introduces several that every beginner should know. PowerShell is essential for Windows environments, enabling remote configuration, endpoint management, and security automation. Python is emphasised for its versatility, powering everything from custom tools to log analysis and API integrations. Bash remains a cornerstone of Linux scripting, ideal for system monitoring and rapid response without relying on graphical tools. Ansible is presented as a powerful automation engine for managing large-scale deployments and maintaining compliance. Cron (Linux) and Task Scheduler (Windows) are included as scheduling tools for backups, scans, and updates, ensuring tasks run without manual input. Finally, AutoHotKey is highlighted for desktop automation, streamlining repetitive user actions. Together, these tools provide learners with a practical toolkit to automate daily IT and security tasks. By combining them, professionals can build efficient, scalable workflows that support resilience and productivity.
In this short lab, I demonstrate how to create and run a simple Bash script in Linux using the nano editor. The script automates the process of checking which devices on a network are online by sending ping requests and filtering out only the active hosts.
Instead of manually typing commands one by one, the script does the heavy lifting for you, saving time and reducing error. This is a practical example of how scripting can turn repetitive network tasks into quick, automated checks.
For anyone beginning their journey into scripting and automation, this lab highlights how a few lines of code can provide immediate value in day to day IT or cybersecurity work.
Scripting isn’t just about coding, it’s about working smarter.
This slide introduces the concepts of passive and active reconnaissance in cybersecurity. Passive reconnaissance involves gathering information stealthily without direct interaction with the target, such as searching public websites, social media, or WHOIS data, making it undetectable but slower and less detailed. In contrast, active reconnaissance requires direct engagement, like scanning for open ports or services using tools such as Nmap or Nessus, providing deeper insights into vulnerabilities but risking detection through alerts or logs. The slide emphasises passive methods for initial, safe research and active ones for thorough technical analysis, highlighting the trade-offs between stealth and depth in intelligence gathering.
This lecture lists and defines several tools for passive reconnaissance. WHOIS allows you to look up who owns a domain name. nslookup shows the IP address and DNS records linked to a domain. Shodan is a search engine for internet-connected devices. theHarvester collects emails and other data from public sources. Recon-ng is a command-line tool that automates data gathering from many sources.
This lecture explains that social engineering targets people, not technology, by tricking them into giving away sensitive information. Common tactics include lying, pretending, or creating urgency with things like fake emails from "IT support". The most common form is phishing, which uses fake emails or messages to steal information. Other methods include phone calls (vishing) and in-person tricks (tailgating). Social engineering works by exploiting human nature like trust, fear, or curiosity.
OSINT, which stands for Open Source Intelligence. OSINT is the collection of data from public sources such as websites, social media, news articles, and public records. The document specifies that it is a completely legal practice as long as you don't access private or restricted information. OSINT helps in building a profile of the target, including what systems they use and who works there. Popular OSINT tools include Maltego, SpiderFoot, Google Dorks, and social media platforms like LinkedIn.
This lecture describes more tools of the trade. Google Dorking uses advanced search queries to find sensitive information that has been accidentally exposed online. Nessus and OpenVAS are used to scan networks and systems for security vulnerabilities. Maltego visualizes relationships between people, domains, and networks.
Metasploit is a powerful framework for testing and exploiting security weaknesses. SpiderFoot is an automated OSINT tool that gathers intelligence about IPs, domains, and people from multiple data sources.
theHarvester, a powerful tool for early intelligence gathering. theHarvester collects emails, names, and other data from public sources like Google and Linkedin. This is a form of passive reconnaissance, as you are gathering information without directly interacting with the target system. The lab will demonstrate how theHarvester can be used to build an initial profile of a target by collecting publicly available data. This is a crucial first step in many cybersecurity assessments, as it allows you to gather a significant amount of information without alerting the target.
This lecture introduces the concepts of Scanning and Enumeration. Scanning is described as the process of checking which ports, services, or systems are "open" and responding. Enumeration is a deeper process that gathers specific details, such as usernames, shared folders, and network resources. This stage is typically the first active phase in a penetration test, meaning it interacts directly with the target and has the potential to trigger alerts. Tools like Nmap, Netcat, and Nessus are commonly used to automate this process for ethical hackers and attackers.
Port scanning checks for "open doors" on a device, with each port linked to a specific service, such as a web server on port 80. Tools like Nmap help identify which ports are open, closed, or blocked by a firewall. Banner grabbing is the process of requesting a service to identify itself, providing basic information about the software type and version. This information is crucial for identifying vulnerabilities, as outdated or misconfigured software can be an entry point for attackers.
Nmap is a powerful tool for mapping out targets by identifying open ports, services, and operating systems.
Netcat is referred to as the "Swiss Army knife" of networking, used for tasks like banner grabbing, listening on ports, and transferring files. Nessus is a commercial vulnerability scanner used in professional audits to check for known security flaws and misconfigurations. Nikto is a web server scanner that searches for outdated software and dangerous settings on websites. These tools are essential for ethical hackers to safely identify potential weaknesses.
Vulnerability scanners like Nessus automatically check for known weaknesses using a database of threats, making them faster and repeatable for regular checks. Manual discovery involves human analysis and experience to find vulnerabilities that scanners might miss. Manual methods are more flexible and creative, allowing for the detection of complex issues and logic flaws. The best approach is a balanced one, using scanners for coverage and manual testing for depth and accuracy.
A CVE is a unique identifier assigned to a publicly known cybersecurity flaw for consistent tracking. The system is managed by MITRE, and the vulnerabilities are listed in public databases like the National Vulnerability Database (NVD). Security professionals use CVEs, often guided by CVSS (severity scoring), to understand the severity of vulnerabilities. Tools such as Nessus, OpenVAS, and Nmap rely on CVEs to detect known flaws during vulnerability scans. The document uses CVE-2017-0144, the EternalBlue vulnerability, as a real-world example.
Nmap, a powerful and versatile tool for network discovery and security auditing. This lab focuses on port scanning , which is the process of checking which "digital doors" are open on a device and which services are running on them. Nmap can help identify which ports are open, closed, or filtered by a firewall. By the end of this lab, you will understand how to use Nmap to map out a target by identifying open ports and services. This is an essential step in the active phase of a cybersecurity assessment, as it helps to find potential weaknesses and vulnerabilities in a system.
In today's digital landscape, understanding cybersecurity is no longer optional, it's essential. This comprehensive course demystifies the world of cybersecurity by taking you through the crucial first steps that both attackers and defenders use: social engineering, reconnaissance, scanning, and enumeration. You'll learn how hackers exploit human psychology through phishing, vishing, and other manipulation techniques, and more importantly, how to recognize and defend against these attacks.
We then dive into the technical fundamentals, teaching you how to gather intelligence using Open Source Intelligence (OSINT) tools like Shodan, theHarvester, and Recon-ng. You'll master network scanning with industry-standard tools including Nmap and Netcat, learning to identify open ports, services, and vulnerabilities. Through practical demonstrations and real-world examples, you'll understand how to conduct both passive and active reconnaissance, perform vulnerability assessments, and interpret CVEs to evaluate security threats.
Designed specifically for beginners, this course requires no prior experience in hacking or IT. All you need is a computer and curiosity. Whether you're an aspiring cybersecurity professional, IT administrator, or simply someone concerned about digital safety, this course provides the essential knowledge and hands-on skills to either launch your cybersecurity career or significantly enhance your organization's security posture. Join thousands of students who have taken their first confident steps into cybersecurity through this practical, engaging learning experience.