SC300: Social Engineering Basics

Training: Security - Governance, Risk & Compliance

Participants receive a practical introduction to social engineering and learn how common attack tools and manipulation techniques are used. The course covers working with OSINT, psychological influence, as well as WLAN and LAN attack tools. Attacks via telephone, text message, or social media are also covered, as well as physical methods such as tailgating, lock picking, or RFID spoofing, in order to raise awareness.

Presence training Presence training

Start: 2025-12-01 | 10:00 am

End: 2025-12-02 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Presence training Presence training

Start: 2026-04-20 | 10:00 am

End: 2026-04-21 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Presence training Presence training

Start: 2026-09-07 | 10:00 am

End: 2026-09-08 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Request prefered appointment period:

* All fields marked with an asterisk are mandatory fields.

Agenda:

  • Where do the threats originate, who is affected? Creation of an individual threat landscape

  • Legal and ethical aspects in the deployment of Social Engineering

  • Learning modules on the following topics (each as overview and introduction):
    • Creation of false identities
    • Research on the WWW via Deep Web Search, OSINT tools, AI-based services and Social Media
    • Overcoming access controls and barriers
    • Vulnerability identification and attack tactics
    • WLAN hacking with various tools
    • Hacker USB and LAN tools
    • Spear phishing
    • Vishing, smishing, call spoofing and role-playing exercises
    • Deployment of deepfakes (voice & face) with the corresponding tools and detection methods
    • Introduction to Daniel Kahneman's concept "Thinking, Fast and Slow" — System 1 / System 2 as explanation of cognitive decision processes and their relevance for manipulations and error susceptibility
    • Introduction to Robert Cialdini's principles of influence — Overview of the most important principles and their application in social engineering scenarios
    • Introduction to Paul Ekman's micro- and macroexpressions — Basics of nonverbal communication and practical tips for recognizing of emotional signals
    • Questioning techniques for finding the truth — overview of common questioning techniques, structured interview conduct and plausibility-oriented follow-up questions for better assessment of statements
  • Analysis of own vulnerability and defense options — prioritization of measures and quick wins

Objectives:

  • Providing a comprehensive overview of classic and modern social engineering techniques
  • Demonstrating how psychological decision-making mechanisms influence vulnerability to manipulation
  • Explaining fundamental principles of persuasion and influence so participants can identify manipulation patterns and develop counter-strategies
  • Presenting nonverbal indicators (micro-/macroexpressions) for better assessment of conversation situations
  • Introducing questioning techniques for finding the truth and their practical application in interviews and incident investigations
  • Practical classification of OSINT methods, spoofing techniques and deepfakes with focus on detection, prevention and legal framework conditions
  • Developing awareness and incident playbooks to minimize social attack surfaces

Target audience:

The course SC300 Social Engineering Basics is targeted at:
  • IT Security Management
  • Pentesters
  • Red and Blue Teamers
  • CISOs

Prerequisites:

 

To be able to follow the learning pace and content of the workshop SC300 Social Engineering Basics effectively, basic to advanced knowledge in the field of Social Engineering is recommended.

Description:

The course offers a compact, practice-oriented overview of social engineering: from OSINT research to technical attack vectors and physical access methods. In addition, key psychological concepts are explained as an introduction—including the distinction between fast-thinking and reflective thinking (Kahneman), basic principles of influence (Cialdini), and basic knowledge for recognizing nonverbal signals (Ekman). Furthermore, questioning techniques for truth-finding are presented, which teach structured interviewing and questioning logic in order to evaluate statements and uncover inconsistencies.

The practical part of the seminar includes legally compliant demos and exercises (OSINT speed runs, vishing role-plays, deepfake detection labs, hardware tool stations) as well as the creation of concrete action lists for use in organizations. Special focus is placed on identifying characteristics, organizational protective measures, and the development of effective awareness programs.

Expand your knowledge with expert skills in practice in the advanced course SC305 Social Engineering Practitioner.

Practical examples & exercises (selection)
• OSINT speedrun followed by source criticism and verification
• Vishing role-play with analysis of the psychological techniques used and application
check-icon

Guaranteed implementation:

from 2 Attendees

Booking information:

Duration:

2 Days

Price:

1.590,00 € plus VAT.

(including lunch & drinks)

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.