T10: social engineering

Training Details

2-DAY TRAINING, 3-4 SEPTEMBER @ MEERVAART AMSTERDAM
TICKET PRICE: €1500 EX BTW


This training program equips pentesters and red-teamers with comprehensive knowledge and skills in the art and science of social engineering. You will gain a thorough understanding of all relevant definitions and terminology, and by the end of the course, you'll be capable of designing and executing your own social engineering tests. Over two intensive days, you will learn about the social engineering kill chain (yes, we have one too), develop effective pretexts, and understand how to map out all necessary elements for success. In addition to detailed theory, the course includes interactive and enjoyable practical exercises. These exercises, or games, will let you experience the roles of both attacker and victim.

You will learn:

  • What is Social Engineering (and what isn't it)
  • Defending against SE: Strategy and Techniques
  • Offensive SE: Strategy and Techniques

Day one: Setting the Scene

During this day we will first cover some essentials. After all, there are a lot of misconceptions about this topic, leading to unwanted situations such as declaring social engineering “out of scope” when planning a pentest. Showing you what it is actually about will not only strengthen your understanding but also help you better inform decision makers of the importance of this often overlooked security risk. First we’ll look at what social engineering is, what it is not, and how it relates to other subjects in human factor security. This includes looking at victim and perpetrator profiles, motivations, and methods, but also a dissection of the act of lying. Next we will delve into the different forms we can observe, such as CEO fraud, romance scams, and (s)extortion, but also some ways to use social engineering with good intentions. Lastly we will cover defense and see how to prevent, detect and respond to a social engineering attack. This module will likely overflow into the next day. Also during the first day we will introduce our interactive game that is played throughout the entire course.

Day two: Mostly Offensive

During day two we will recap and start where we left off the previous day. We will likely finish the defense module before the first coffee break. After that we start looking at offensive social engineering as used by pentesters and criminals alike. We will explore the social engineering kill chain, consisting of target investigation, preparation, introduction, execution and exit, looking at all stages in great detail, again illustrated by some juicy ‘war stories’. After some small assignments we will discuss the various aspects to improve your understanding of the process. The goal here is to give you the correct mindset to create a working pretext and improve it until there is a high likelihood of success. For those who like, we will also offer a chance to practice acting and stress management, valuable skills when you end up in “the field”. Lastly we will also discuss some techniques that can never be used in ethical application, not even in testing scenarios. Although you should always exclude these from your pretext, you will want to discuss them or write about them in your report, as they are something your client should be aware of and take countermeasures against.


MARCEL VAN DER VELDE


Marcel van der Velde is a renowned social engineer, speaker and trainer. From a young age Marcel got interested in human behaviour, especially whilst interacting with others or with information systems. "How could it be that the same question asked by one person got a positive result while another was turned down? What made smart people do stupid things? How do magicians do what they do? What about marketing? And fraud?" It started him on a journey through the science of perception, the art of persuasion and the craft of misdirection. After college, Marcel combined IT security with these human factors and helped early pentesters succeed in their missions bypassing all kinds of security measures. He soon became "The guy that put the thumb drive on the parking lot", a now well-known story among security professionals – and one of the few that did not remain a well-kept secret.

After fifteen years of collaborating with different teams and conducting tests, Marcel decided to turn his attention to full-time research and teaching. Still collecting new insights every day, he bundled some of the "war stories" into valuable lessons, with permission, as long as he changed names, times, and places. These became part of his training program, adding real-world examples to the theoretical concepts. Incidentally, Marcel still helps to train pentesters to better understand the human mind - not just their victim’s, but also their own, resulting in a more confident approach and better results.