From the course: Performing a Technical Security Audit and Assessment
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Conduct social engineering
From the course: Performing a Technical Security Audit and Assessment
Conduct social engineering
- Social engineering is a technique security assessors can employ to trick end users into divulging information they shouldn't. This information often includes user names and passwords as well as other sensitive data such as credit card or social security numbers. Social engineering can be conducted in a variety of ways including in person or over the phone through simple lying. Via malicious websites using a technique called phishing. Via email using phishing or another technique called spear phishing, and via text or instant messages. The purpose of conducting social engineering during a security assessment is to test how effective an organization's security awareness training is. If an assessor is successful in getting a user to share information they shouldn't, this should be a finding in the assessor's final report. The recommended remediation could be to improve user security training or make it more frequent. On the other hand, if an assessor attempts social engineering tactics…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
(Locked)
Required skillsets1m 43s
-
(Locked)
Crack passwords3m 15s
-
(Locked)
Challenge: Install and run a password cracker1m 26s
-
(Locked)
Solution: Install and run a password cracker2m 46s
-
(Locked)
Password cracking tool demo5m 19s
-
(Locked)
Conduct penetration tests4m 7s
-
(Locked)
Penetration testing tool demo3m 55s
-
(Locked)
Conduct social engineering1m 29s
-
(Locked)
-
-
-
-