
Featured Training Course

Social Engineering Master Class

Exclusive 1st Time

Only 25 Seats Available!

5-day course developed and instructed by pen testing experts Mike Murray & Chris Nickerson that comes with a FREE Lares Corporate Employee Awareness Training Program. For this first exclusive run, we can only accept 25 students. Additional dates and locations will be announced soon.

$3995
$2995

The world of information security is changing. Budgets are tighter, attacks are more sophisticated, and the corporate network is no longer the low-hanging fruit. That leaves web-enabled applications as the vector du jour, but that well is quickly drying up for organized crime as well. As attackers creep up the OSI model looking for easier ways to steal your corporate assets, they are quickly making their way up the stack to the unspoken 8th layer: the end user. So what is the next step in the never-ending escalation of this cyber war?

To find out, we must do as Sun Tzu taught: think like the enemy. That is, after all, the primary tenet of penetration testing, AKA ethical hacking, isn't it? After years of hardening physical systems, networks, operating systems and applications, we have come full circle to a new dawn of attack. People are now the target of the advanced attacker, and the crosshairs are focused squarely on their foreheads... literally. It is only a matter of time before corporations feel the pain of wetware hacking, requiring a new approach to testing and defense. It has become imperative to assemble a world-class team of experts to train professionals in the technologies and methods of the most dangerous and costly attackers: social engineers.

ChicagoCon has responded with the first-ever offering of the Social Engineering Master Class, developed and taught by world-renowned social engineers Chris Nickerson of TruTV's Tiger Team and noted expert and international speaker Mike Murray. Between them, Chris and Mike have over 20 years of social engineering experience and have been trained in many electronic and human influence techniques.

This class will teach the information security professional the risks associated with the number one vulnerability present in every corporation: its employees. During the intense 5-day course, students will learn about the many human threats, such as our susceptibility to language, unconscious influence and misdirection, commonly used by the advanced social engineer. Class members will also learn a formalized and tested methodology for planning and executing highly advanced penetration tests using both technical and non-technical social engineering. In addition, they will learn the skills that real social engineers use to test and develop new methods, enabling "vulnerability research" against human targets. They will bring back the knowledge of how to combine social engineering with the other disciplines of ethical hacking for inclusion in a well-rounded penetration testing program.

If you are looking for a class to show you a new way to ask for a password, or silly parlor tricks to mess with someone's head, then this course is not for you! If, however, you want to dig into advanced material of both a technical and a psychological nature, and learn repeatable methods to gather intelligence, execute attacks, manipulate situations, and formally track a company's susceptibility to social engineering... and be able to mess with someone's head, then there is simply no other course like this in the world.


Mike Murray

Mike Murray is currently the managing partner of Michael Murray and Associates, as well as the CISO and lead trainer at Foreground Security and The Hacker Academy. He has spent his entire career in information security, from his work in the late '90s as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group. Mike's interests and aptitudes are broad: he and his team at Michael Murray and Associates, LLC focus on assisting information security organizations with their human systems, from information security awareness to organizational design and efficiency and the career paths of the individuals within the industry. His focus at Foreground Security is to lead Foreground's security engagements and training organization, assisting with curriculum and methodology development, staff development, and security planning and execution. Mike is a widely renowned speaker, and his talks on a wide variety of topics have been seen at major conferences such as RSA, SOURCE, InfoSecurity Canada and DEF CON. Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at ConnectedCareer.com. He has written technical articles for publications including BusinessWeek Online and Sys Admin, as well as a regular column on The Ethical Hacker Network.

Chris Nickerson

Chris Nickerson, CEO of Lares Consulting, is a CISSP whose main area of expertise is information security, helping companies better defend and protect their critical data and key information systems. He has created a unique process to assess, implement, and manage information security strategy, architecture, policies, and procedures in the real world. Chris leads a team of security consultants who conduct security risk assessments covering everything from penetration testing and vulnerability assessments to policy design, computer forensics, and regulatory compliance. Chris's prior experience includes developing and managing the Security Services practice at Alternative Technology; he was also a senior auditor for SOX compliance at KPMG, Chief Security Architect at Sprint Corporate Security, and, as a network engineer for an international law firm, developed its enterprise security design. Chris also served in the U.S. Navy. He is a member of OWASP and ISACA Denver, and is a featured member of TruTV's Tiger Team, a 30-minute reality television program showing the activities of actual penetration tests and active assessments.

Course Outline

Subject to Change

Section 1 - Introduction

Module 1.1 - Overview of Social Engineering

- Groundwork & Definitions
- Course Overview
- Objectives

Module 1.2 - Social Engineering and Information Security

- The Forgotten 80%
- The up-and-coming threat
- Performing SE penetration tests
  - How do we define social engineering to clients or internal resources?
  - Explaining the benefit to clients
  - Reviewing the penetration testing market
  - The future of social engineering within information security
    - Blended attacks
    - Cloud SE
    - Ransom, kidnapping and other physical threats
    - Blackmail
    - Return of "the CLASSIC cons"
    - Social network infiltration
    - False credentials / identity
    - Critical infrastructure
    - Terrorism / propaganda

Module 1.3 - Business Issues

- Why do our clients perform social engineering engagements?
  - TRUE "penetration" (i.e. "Can bad guys get in?")
  - Control validation and assessment
  - Evaluation of the security awareness program
- Engagement structure for each type
- How does SE differ from traditional pen tests?
  - Legality
  - Process
    - Linear vs. non-linear systems
    - Harder to script
- What does it look like when done right?
  - Repeatable process
  - Strong documentation
  - Strong contracts
- Engagement process
  - Why the traditional "waterfall" testing method does not work
  - An SE engagement is structured like an iterative development cycle ("eXtreme Programming", or what developers call test-driven development): the results of each round of testing drive the next round
    - Initial recon
    - Testing - iterative, test/result-driven engagement methodology
    - Reporting
  - Creating the real structure of an excellent pen test
  - Repeatability comes not from a cookbook but from trained intuitions

 

Module 1.4 - Background

- History and background
  - Some early social engineering tales
  - The common threads
  - Earliest con tricks and mythology: trickster figures such as the Greek Eris and Hermes and the Native American Coyote
- Early history
  - Magicians
  - Early hypnotists (esp. Mesmer; the fictional Svengali)
  - Other charlatans
- The Golden Age of Con Men
  - 1850-1935
  - William Thompson, Joseph "Yellow Kid" Weil, Clark Stanley
- From confidence to "social engineering"
  - Abagnale
  - Mitnick
  - Poulsen
  - MOD/LOD
  - Lil Hacker
  - Tiger Team

 

Section 2 - The 3 Fundamental Skills

Module 2.1 - Language

- The use of language for influence
- Dual purposes of language
  - Information transfer
  - Influence
- Linguistic incompleteness
  - Deletion
  - Distortion
  - Generalization
  - Presupposition
- Creating precision from incompleteness
- Creating influence from incompleteness
- Language and the unconscious mind
  - The power of metaphor
  - Compliance and cognitive inertia
  - Hypnosis
  - Binds, questions and negation
- Advanced language use
  - Process / content confusion
  - Ambiguity
  - Advanced presupposition for unconscious influence

Module 2.2 - Awareness of Others

- The overview of the human condition
  - spiritual
  - nutritional
  - emotional
  - sensual
  - physical
  - interactional
  - contextual
  - intellectual
- Sensory acuity - noticing what's around
- Starting to notice other people
  - Learning to trust unconscious awareness
  - Conscious awareness of breathing
  - Conscious awareness of eye movement
- Body language
  - Why traditional body language is wrong
  - Learning subtlety
  - Understanding movement
- Touch and physical interaction
- The human face
  - Emotional content is expressed through the facial muscles
  - Emotional content and expression
  - Facial coding and microexpressions
  - Eye movement and micro-musculature
- Rapport
  - Understanding what rapport is
  - Creating rapport

 

Module 2.3 - Framing and Context

- Understanding frames and context
  - Becoming aware of the myriad of frames
- Transforming frames
  - Use of physical space
  - Move, reshape, resize
  - Altering frames through words, space and rapport
- Anchoring
  - Anchors == Frames
  - Learning to anchor behavior with physical action
  - Subtle and advanced anchoring
- Elements for influential frames
  - Cialdini's elements of influence
  - Confusion and unconscious interruption
  - Frame strength and frame control
- Straight-up manipulation
  - The elements of lying
    - Repeating a lie
    - Hiding truth
  - The darker side of influence
    - Fantasy / entertainment
    - Drugs / alcohol
    - Romance / sex
    - Bogus history
    - Physical intimidation
- Creating a character
  - The character is our traditional name for an innate and congruent frame choice
  - Understanding how the character sees the world
  - Choice of dress, speech, etc.

 

Section 3 - Social Engineering Methodology

Module 3.1 - The Basics and Testing Intuitions

- Social engineering is not "waterfall" because it is non-linear
  - The same exploit against the same target will not perform the same way each time.
  - Thus, the traditional "pen test methodology" is too inflexible.
- We need to teach an iterative testing process in order to learn the intuitions around great penetration testing. For each step:
  - Evaluate and acclimate to your environment
  - Determine your target
  - Choose an exploit for that target
  - Attempt to exploit
  - Rinse, wash, repeat
  - Social engineering process
- Teach using multiple examples and case studies
  - Teach the students to evaluate a target through this process
  - Give a scenario and have the student choose a method to exploit
  - Case studies challenge the imagination - look for ideas of how to get access. Have students create detailed plans and choose appropriate characters.

Module 3.2 - Initial Recon

- Similarity to penetration testing recon methods
- OSINT
- Advanced use of Google for social engineering
  - What to look for
  - How to find it
  - Electronic / browser tool assist
  - Finding docs
  - Metadata extraction
  - Goolag
  - Harvesting email addresses / org chart
  - Images (signatures, business, locations, corporate events)
  - Maps (remote recon)
  - Google Latitude
  - Cell phones (number / exchange / block)
  - Maltego
- Social networks
- Competitive intel
- Corporate intel
- Interaction of businesses
- Customer listing
- Business interdependencies
- Dumpster diving
- Trunk diving
- Civil records
- Licenses
- BBB
- Hoovers
- Dun & Bradstreet
- Stereotypes
- Physical and person-to-person recon
  - "Casing" the environment
  - Cultural assessment
  - Phone recon
  - Examining physical controls: guards, types, cameras, locks, sensors, ingress / egress points
  - Photos
  - Remote badge copy
  - Remote key copy
  - Bugging
  - Cell tapping
  - RF listening / tapping
  - Wireless phone / VoIP recon
  - Response time, distance from responders
  - Patrol and security timing, frequency, location
  - Social areas, gathering areas
  - Socio-economic profile
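The "Metadata extraction" and "Harvesting email addresses / org chart" items above are where recon usually starts producing usable names. The Python script below is an added illustration, not course material or tooling from the instructors: it builds a constructed .docx in memory (a Word file is a zip of XML parts), reads the author, last-modifier and company fields from docProps/core.xml and docProps/app.xml, harvests e-mail addresses from the document text, and then infers the organisation's address format so that names gathered elsewhere (a social-network search, a press release) can be turned into candidate addresses for a pretext. The company, domain, people and document text are all made-up sample data.

```python
"""Document-metadata recon: author/company fields and e-mail harvesting from a
.docx, then inference of the target's e-mail address format.

Added example, not from the course. All names, domains and document text are
constructed sample data."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used inside a Word file's property parts.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Common corporate address formats, keyed by a label, applied to (first, last).
FORMATS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "flast": lambda f, l: f"{f[0]}{l}",
    "firstl": lambda f, l: f"{f}{l[0]}",
    "first_last": lambda f, l: f"{f}_{l}",
}

# Constructed: names a tester might have collected from a social network.
SAMPLE_PEOPLE = [("Rob", "Smith"), ("Priya", "Patel")]


def build_sample_docx():
    """Constructed sample: the minimum parts that make a zip look like a Word file."""
    core = (
        '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
        "<dc:creator>Jane Doe</dc:creator>"
        "<cp:lastModifiedBy>rsmith</cp:lastModifiedBy>"   # often a login name, not a display name
        "</cp:coreProperties>"
    ).format(**NS)
    app = (
        '<Properties xmlns="{ep}"><Company>Example Corp</Company>'
        "<Application>Microsoft Office Word</Application></Properties>"
    ).format(**NS)
    body = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:t>Vendor onboarding checklist. Questions to "
        "jdoe@example-corp.test or rsmith@example-corp.test. Escalations: "
        "helpdesk@example-corp.test</w:t></w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/document.xml", body)
    return buf.getvalue()


def extract_metadata(docx_bytes):
    """Return creator, last modifier, company and every e-mail address in the text."""
    meta = {"creator": None, "last_modified_by": None, "company": None, "emails": []}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            meta["creator"] = root.findtext("dc:creator", namespaces=NS)
            meta["last_modified_by"] = root.findtext("cp:lastModifiedBy", namespaces=NS)
        if "docProps/app.xml" in names:
            root = ET.fromstring(z.read("docProps/app.xml"))
            meta["company"] = root.findtext("ep:Company", namespaces=NS)
        # Strip tags from every XML part under word/ (body, headers, footers,
        # comments) rather than parsing: the addresses live in the text nodes.
        text = " ".join(
            re.sub(r"<[^>]+>", " ", z.read(n).decode("utf-8", "replace"))
            for n in sorted(names) if n.startswith("word/") and n.endswith(".xml")
        )
    meta["emails"] = sorted(set(EMAIL_RE.findall(text)))
    return meta


def infer_format(people, emails):
    """Pick the address format that explains the most harvested addresses for the
    known (first, last) names; None if no format explains any of them."""
    local_parts = {e.split("@")[0].lower() for e in emails}
    scores = {
        label: sum(fmt(f.lower(), l.lower()) in local_parts for f, l in people)
        for label, fmt in FORMATS.items()
    }
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def recon(docx_bytes, extra_people=()):
    """Metadata plus a candidate address for every known person."""
    meta = extract_metadata(docx_bytes)
    people = []
    if meta["creator"] and len(meta["creator"].split()) == 2:
        people.append(tuple(meta["creator"].split()))  # "Jane Doe" -> ("Jane", "Doe")
    people.extend(extra_people)
    domains = [e.split("@")[1] for e in meta["emails"]]
    meta["domain"] = max(set(domains), key=domains.count) if domains else None
    meta["address_format"] = infer_format(people, meta["emails"])
    meta["candidates"] = []
    if meta["domain"] and meta["address_format"]:
        fmt = FORMATS[meta["address_format"]]
        meta["candidates"] = [f"{fmt(f.lower(), l.lower())}@{meta['domain']}" for f, l in people]
    return meta


if __name__ == "__main__":
    for key, value in recon(build_sample_docx(), SAMPLE_PEOPLE).items():
        print(f"{key:16} {value}")
```

Run extract_metadata over every public document the "Finding docs" step turns up and merge the results; the lastModifiedBy field is frequently a Windows login name rather than a display name, which leaks the username convention on its own. Shared mailboxes such as the helpdesk address in the sample do not match any person and so do not distort the format inference, but every candidate address is still a guess until it is confirmed by a bounce or a reply.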

Module 3.3 - Scanning for Vulnerabilities

- Info classification
  - Physical
  - Geographical
  - Social
  - Electronic
  - Sensitive info
- Information mapping
  - Business pathway
  - Contextual pathway
  - Social pathway
  - Electronic pathway
  - Physical pathway
  - Process pathway
  - 3rd-party pathway
- Nuggets of gold
  - Non-exploitable info
  - Sensitive data mined in intel
  - Usernames / passwords and external access
  - Persistent information (delivery times, office schedule, holidays, etc.)
  - Logo, design, credentials, signatures, letterhead, org chart

Module 3.4 - Planning the Attack

- Who, what, when, where, why and HOW
  - Methods
  - Inventory
  - Tools needed
  - Roles
  - Memorization of intel
  - Communication coordination
- Coordination and strategy
  - Timing of attack
  - Individual goals
  - Metrics and tracking results
  - Client interaction
  - Emergency planning
  - Selection of exploitation
- Mock example and war boarding
  - Identify the objectives
  - Develop an initial exercise scenario and narrative
  - Identify the participants
  - Chair the exercise participants' meetings
  - Facilitate the exercise
  - Work vulnerabilities and potential threats
  - The hypothetical moment of the event (time of day, day of month, part of year)
    - The method of event
    - A description of the events leading to the exploit or execution of the plan
    - A description of the implications
    - A description of the role of the engineer and targets
    - Any actions that have been taken prior to activation of the plan
    - Potential damage caused
    - Status of all individuals and data involved
    - Level of success of testing and repeatability
    - Post-exercise analysis

 

Module 3.5 - The Testing Process

- Review / reminder on PDCA (Plan-Do-Check-Act)
- Determining tests
  - Client scoping
  - Goals of the test
  - Potential exposures / needs of the client
- Types of testing
  - Direction of attacks
  - External
    - Electronic
      - Phishing
      - Client-side / browser-side exploitation
      - Malicious attachments
    - Person to person
      - Phone
      - Written
      - Social networks / IM
      - Public manipulation
        - Surrounding-area businesses
        - Direct attack on target employees: bar, club, social gathering places
  - Internal
    - Electronic
      - CD / key drops
      - Authentication bypass
      - Key / perimeter bypass
      - Falsification of credentials
      - RFID / HID badge copying
    - Person to person
      - Gaining access to physical credentials
      - Solicitation
        - Direct interaction
        - Manipulation targets
      - Manipulation techniques
      - Creating spies / information leak sources
      - Becoming an employee

 

Module 3.6 - Finding Sensitive Data

- What is sensitive data?
  - What are we looking for?
    - Types of data
    - What causes impact to the company
    - Root is not the goal; the impact to the customer is.
- Vectors for attack
  - Standard attack vectors
    - Common critical systems
    - Common sensitive data sets
  - Business data analysis
    - Reviewing past assessments
    - Reviewing the BCP
    - Information criticality analysis
- Reporting exposures
  - Capturing and access
    - Basic rules
    - Physical access
    - Data access
    - Capturing interaction

Section 4 - Reporting

Module 4.1 - The Report Template

- How social engineering reports differ
  - No standard vulnerabilities
  - Risk is not as easily assessed
- Creation of a report that meets client objectives

Section 5 - Case Studies and Putting It All Together

Module 5.1 - Issues in the SE Engagement

- Choosing responsibilities and understanding the structure of a test
- Figuring out who is doing what
- Tying in technical penetration tests and social engineering
- Tracking project status

Module 5.2 - Engagement Prep Case Study

- Students break into teams of 3-5 and "draw knives" for one of multiple engagements
- Prep the engagement, including plan of attack, multiple methods for achieving client goals, etc.
- Present to class

Module 5.3 - Social Engineering Gauntlet

- Each team has 30 minutes to complete each of 5 practical assignments
- Students compile corporate reports for review by instructors and guest judges.

 

Computers are provided for all students with the appropriate tools and resources for the class. Think of the provided computer as the laptop that would accompany you on your consulting jobs. Here is a partial list of items included on your fully patched Windows XP corporate machines:

  • Core IMPACT & Metasploit
  • Maltego
  • Wireshark & NetWitness Investigator
  • Cain
  • VMware Player with VMs:
    • BackTrack
    • LAMP server
    • Ophcrack
  • Links to helpful sites for use on pen testing assignments
  • Reading lists and other documentation