In this video, Marc Menninger describes how to conduct social engineering. Learn why social engineering is sometimes included in technical security assessments and various ways social engineering can be conducted.
- Social engineering is a technique security assessors…can employ to trick end users into divulging information…they shouldn't.…This information often includes user names and passwords…as well as other sensitive data such as credit card…or social security numbers.…Social engineering can be conducted in a…variety of ways including in person or over the phone…through simple lying.…Via malicious websites using a technique called phishing.…Via email using phishing or another technique…called spear phishing,…and via text or instant messages.…
The purpose of conducting social engineering…during a security assessment is to test how effective…an organization's security awareness training is.…If an assessor is successful in getting a user…to share information they shouldn't,…this should be a finding in the assessor's final report.…The recommended remediation could be to improve…user security training or make it more frequent.…On the other hand, if an assessor attempts…social engineering tactics and fails to obtain…unauthorized information,…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.