Open Source Intelligence (OSINT) and Social Engineering Training

Information is the foundation element for any social engineer. This course mainly covers the first phase of an attack, called Information Gathering, exposing the techniques used by pentesters to retrieve the information needed to plan offensive activities. This is a course that gives a lot of space to laboratories aimed at illustrating the tools used by pentesters, investigators, researchers and in general by those who have the will to extract important information using sources in the public domain. Real scenarios of social engineering attacks that exploit the information retrieved on the victim target are shown.

Ort & Datum

  • 15.06.2020 - 16.06.2020
  • Online training
  • Training in Italienischer Sprache

Benötigte Materialien

  • Bitte bringen Sie einen Laptop mit, auf welchem Firefox oder Google Chrome bereits installiert ist. Das vermittelte theoretische Wissen wird in praktischen Workshops, vertieft und gefestigt. Hierfür stellen wir jedem Teilnehmer eine eigene NetEye-Umgebung zur Verfügung.

Der Trainer

  • Massimo Giaimo, SEC4U Founder
  • Training in italienischer Sprache

  •  

Kosten & Dauer

  • Zwei Tage, jeweils von 09.00 - 17.00 Uhr
  • Teilnahme am Training: € 1.360 (exkl. MwSt.)

  •  

Agenda

OSINT (Open Source INTelligence)

  • Introduction to Open Source Intelligence historical notes, types of sources
  • Fake news and debunking
  • OSINT of a website
    • find out who registered the domain, who is managing the site, where the hosting is located, finding email and telephone references, finding correlations with other sites, checking the web server and requesting incorrect resources, downloading the whole site and checking offline, brute force directory
  • Browsing and using tools anonymously
  • OSINT of a domain o DNS records, correlations with other domains, registration of similar domains for cyber criminal activities
  • OSINT of doors and services
  • Google search operators
    • Google Dorks, use of SERPs
  • Search and geolocation operators Twitter
  • Search and geolocation operators Facebook
  • Website changes monitoring
  • Carving activities on a website
  • OSINT of a CMS based website
    • verification of the type of CMS, plugins, templates, post authors
  • OSINT of a person
    • verification of nickname existence 
  • OSINT of a mail server
    • Record record reverse verification, SPF, DKIM, DMARC, spam list verification
  • OSINT of an organization
    • VAT registration verification, job announcements
  • OSINT of an image
    • reverse lookup, EXIF data
  • Data breach
  • How to make notes during OSINT activities?
  • Practical workshops
    • Spiderfoot
    • Maltego
    • FOCA
    • Metagoofil
    • Gitrob
    • GCADMARCRiskScanner
    • DNSRecon
    • dnstwist
    • torbot
    • Photon
    • theHarvester
    • Recon-ng
  • Getting information from the past
    • Wayback Machine
    • Pastebin

Social engineering

  • Introduction to social engineering
    • history, famous social engineers
  • Concepts and fundamental elements
    • framing, manipulation, elicitation, pretexting, psychological principles, Neuro-Linguistic Programming (NLP)
  • The aspects of persuasion
    • Attack techniques: phishing, vishing, SMiShing, impersonation, trashing, baiting, web site cloning, lock picking
  • Practical workshops
    • September
    • Rubber Ducky
    • Shark Jack
    • Gophish
    • Rogue access point (Evil Twin)
  • Social engineering and pentest
  • Case Studies
    • real cases
    • film cases
  • Social Engineering Framework
  • Prevention and mitigation

Ich möchte teilnehmen

Trainings-Form

Personal Information
Vielen Dank für Ihr Interesse zu unseren Trainings. Die hier eingegebenen Daten werden streng vertraulich behandelt und ausschließlich zur Bearbeitung Ihrer Anmeldung verwendet.