Conference
#Belgrade2020
Penetration testing with social engineering

TRAINERS: 

Henrich Slezak

Security Auditor and IT Security Consultant | LIFARS

Milan Kyselica

Penetration tester | LIFARS

TARGET AUDIENCE:

  • Security managers
  • Junior pentesters

2 December 2020 | Online

This training and workshop focuses on the planning, preparation, implementation and evaluation of security testing that uses social engineering to identify and address security vulnerabilities. It follows an engagement from the initial contact with the client, through test planning, execution of OSINT and preparation of tools, all the way to the delivery of the payload to the target and the evaluation of the test. All phases of testing are covered from a theoretical and a practical point of view, along with demonstrations of work with various tools and tips on how to increase the success of your ethical attacks.

Content

1. Introduction to offensive security and social engineering

  • Role of social engineering in offensive security engagements. Main principles, techniques and ethics.

2. Types of attacks

  • Types of attacks using social engineering with focus on phishing techniques.

3. Recon / OSINT

  • How to perform recon on the organization. Which tools penetration testers use when performing recon, not only for spear-phishing campaigns.
  • How to choose the email addresses and which domain to buy.

4. Weaponization / Preparation

  • Choosing the phishing framework (in our case, Gophish). Setting up the email server (Mailserver), tweaking a lot of stuff (SSL/TLS certificates, SPF, DKIM, DMARC, and recompiling Gophish to strip off transparency headers).
  • Which payload to choose: a link to a website, or a document (Word document, Excel sheet, etc.)?

5. Delivery / Exploitation

  • Setting up a campaign, preparing email body, feeding groups of recipients in Gophish. Is the organization using any email protection or sandbox?

6. Installation / Command & Control

  • Review of latest public phishing campaigns and their payloads.

7. Evaluation and reporting

  • Focus on interpreting the results of the finished campaign. Identifying if the emails were opened, if the link was visited, etc. Tips & Tricks on how to identify and fingerprint visitors.

 

Duration: 4 x 45min (14:00-18:00), 15 min. break after every 45 min.

Number of attendees: Up to 25 attendees
