Social Engineering Expert (Full-course)

To be sure we start off on the right foot, I cover some popular terms in Social Engineering.

In the Overview lecture, I provide some general guidance on the topic of social engineering, such as statistics in security breaches and how prolific it is in cybersecurity attacks.

Social engineering is not a byproduct of cyber or technology. It has been around for a long time and in this lecture, I give some examples of social engineering in practice over the years.

In this lecture, I focus on modern uses of social engineering, particularly its relation to cybersecurity, technology-related, and non-technology-related attacks.

What are attack vectors in social engineering? This may be a new term so what does it mean? In this lecture, I cover the many ways you could execute your social engineering campaign effectively.

In this lecture, I focus on one of the most common avenues for social engineering. Email phishing is just one of the many attack vectors, however.

Learn how and when you are being socially engineered from someone by phone. How could you conduct your own phone phishing campaign?

What is baiting? Discover some of the ways you could leverage baiting techniques in your own social engineering campaign.

One of the most low-tech, yet effective social engineering vectors. Yes, it still happens but how can you improve your tailgating techniques?

Social engineering your target face to face. Develop the skills to effectively persuade your target through physical pretexting.

In this lecture, I outline three (3) must-have steps to plan out your social engineering project.

Social engineers must have a well-thought-out process and in this lecture, I show some of the phases you should follow in each engagement.

To get things started on the right foot, use the Client Interview Questions download to determine the right scope and threats relevant to the organization. Please refer to the downloadable materials section.

The Social Engineering Operational Plan will serve as a working document for planning a social engineering engagement. It contains the necessary information to communicate with your team and your client.

In this lecture, I cover very important points when carrying out a social engineering engagement.

One of my favorite things to do is share war stories. Check out one of my podcast episodes titled, Episode 3: WAR STORY - Will the real maintenance guy please stand up?  After telling this social engineering story so many times, I decided to get help from a friend and try to tell it the right way. Enjoy!

The Authorization Letter (aka, Get Out of Jail Free Card), is necessary for each and every social engineering operation. The letter's purpose is to validate the social engineer is actually not a sketchy criminal, but a hired consultant.

Here is the template to use and modify for your own Social Engineering Operations. Please understand this is a general report structure with a minimal amount of sections.

In this lecture, I discuss several TTPs concerning information gathering using non-technical means. This includes gathering information during long-range and short-range surveillance and more.

In this lecture, I provide a curated list of equipment me and my team use during social engineering operations. It doesn't include every piece of equipment we own, but will definitely serve as a great place to get started. Happy hunting!

The template is a resource you may use to capture critical notes in the field when you may not have an electronic device nearby to record those important observations.

With Google Earth, Social Media, and certain hacker tools, I show you how to use technical means to gather intel on a facility or people for the purposes of information gathering.

In this lecture, I show you how to install technical tools designed to obtain intelligence using open-source means. Both Maltego and Metagoofil are excellent tools to get started.

Additional links to resources to help fortify your information gathering efforts.

Google Dorks is just a funny name for advanced Google searches (aka, queries). What's novel about these is that they are constructed in a way that leverages the power of Google's search database and query engine to find specific information that doesn't normally bubble up to the top of query results. By using advanced search parameters, we're able to look for juicy information that enables us to discover helpful or even sensitive information about our client (target) during our social engineering operation.

Elicitation is the practice of subtly extracting information from a target surreptitiously. In this lecture, I cover elicitation techniques and how to use them on your target.

Microexpressions can tell a lot about how your target is responding to your social engineering test. Learn how to detect these small indicators and how to try and masquerade your own.

Body language is a critical indicator of how a person feels at any given moment. In this lecture, I show you how to decipher how a target is feeling by reading their body language.

Congratulations!

Check out my security books available on Amazon.com and these additional resources to keep up your learning momentum!