
Achieving Security Awareness Through Social Engineering Attacks

Jayson E. Street & April C. Wright | August 4-5 & August 6-7



Overview

The ability to "think like an attacker" is the best way to defend against attacks. Your employees are your biggest asset, but also at the biggest risk for social engineering (SE). Awareness is the best defense against SE threats. Class activities will introduce students to profiling the online presence of employees and enterprises, as well as performing hands-on attacks against WiFi and physical computers. After successful completion of this course, students will have a better understanding of how to detect and/or prevent SE events by looking at their defenses from a different perspective. Students will gain insight into how to educate others and create greater awareness about the various dangers that can occur. Students will also learn about operational security (OPSEC) for defense against attacks. The primary goal of this course is to demonstrate vulnerabilities with the intent of substantially increasing the security posture of an organization by implementing changes to better handle malicious SE attacks. This 2-day course will use current Red Team strategies to develop a better understanding of how attackers use SE, as well as provide methods to prevent and detect these attacks via awareness programs and "teachable moments". A custom Hak5 Field Kit will be provided to each student for use during the class, which students will be able to keep and take home.

What someone would get out of the class:

  • Understand common attack vectors for social engineering
  • OSINT techniques:
    • Social media
    • Specialized tools and Deep Web searches
    • Website Recon and Plugins
  • How attacks can be customized based on OSINT to be more effective
  • Learn how to use common social engineering attack tools to demonstrate vulnerability
  • Crafting and delivering payloads via:
    • Spearphishing
    • Hak5 Pineapple
    • Hak5 BashBunny
  • Risk evaluation of humans and company footprints
  • Learn from case studies about real-world attacks
  • Gain techniques for OPSEC defense to prevent OSINT attacks
  • Build a foundation for effective security awareness programs

Who Should Take this Course

  • Security defenders
  • Blue team (Data Forensics, Incident Response, Analysts)
  • Security Auditors
  • Internal Awareness Teams / Trainers
  • Infosec personnel interested in defending against social engineering
  • IT support staff
  • Customer-facing call-centers and similar jobs
  • Anyone interested in learning more about common social engineering attacks

Student Requirements

  • No prerequisites, per se
  • Students should have a willingness to try

What Students Should Bring

  • A laptop with WiFi capability
  • A phone or a tablet with WiFi capability. A 2nd laptop would also work.
  • If required for their laptop (e.g. newer Macbooks), an adapter so the student is able to connect a USB-A cable (e.g. USB-C to USB-A adapter)

What Students Will Be Provided With

Students will be provided with a custom Hak5 Field Kit that they will get to keep.

Trainers

April Wright is an information security speaker, author for O'Reilly, community leader, and a generalist hacker with 25+ years of breaking, making, fixing, and protecting "all the things" while playing roles on offensive, defensive, reactive, operational, and development teams. April has collected dozens of certifications to add letters at the end of her name and recently almost died in Dracula's secret staircase. Nevertheless, she persisted and still roams the globe teaching both hackers and non-security people how to protect personal privacy and the most important assets that impact our lives. She has been a speaker and contributor at conferences including BlackHat, DefCamp, DerbyCon, OWASP and ISSA, started multiple businesses, co-founded the Boston DC617 community, and you may have spotted her replying to your Global DEF CON Groups emails. April is a polymath who has been working with Verizon to build more secure software from the ground up by wielding a pragmatic SDLC carrot-stick guidance system and performing risk reduction with a vengeance via comprehensive governance and compliance programs for massive global infrastructures. April once read on 'teh interwebs' that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the "most significant and interesting person currently inhabiting the earth", so it must be true.

Jayson E. Street is an author of the "Dissecting the hack: Series". Also the DEF CON Groups Global Ambassador. Plus the VP of InfoSec for SphereNY. He has also spoken at DEF CON, DerbyCon, GRRCon and at several other 'CONs and colleges on a variety of Information Security subjects. *He is a highly carbonated speaker who has partaken of Pizza from Beijing to Brazil. He does not expect anybody to still be reading this far but if they are please note he was chosen as one of Time's persons of the year for 2006.
