SC300: Social Engineering Basics

Agenda:

• Where do the threats originate, who is affected? Creation of an individual threat landscape
  
  

• Legal and ethical aspects in the deployment of Social Engineering
  
  

• Learning modules on the following topics (each as overview and introduction):
  • Creation of false identities
  • Research on the WWW via Deep Web Search, OSINT tools, AI-based services and Social Media
  • Overcoming access controls and barriers
  • Vulnerability identification and attack tactics
  • WLAN hacking with various tools
  • Hacker USB and LAN tools
  • Spear phishing
  • Vishing, smishing, call spoofing and role-playing exercises
  • Deployment of deepfakes (voice & face) with the corresponding tools and detection methods
  • Introduction to Daniel Kahneman's concept "Thinking, Fast and Slow" — System 1 / System 2 as explanation of cognitive decision processes and their relevance for manipulations and error susceptibility
  • Introduction to Robert Cialdini's principles of influence — Overview of the most important principles and their application in social engineering scenarios
  • Introduction to Paul Ekman's micro- and macroexpressions — Basics of nonverbal communication and practical tips for recognizing of emotional signals
  • Questioning techniques for finding the truth — overview of common questioning techniques, structured interview conduct and plausibility-oriented follow-up questions for better assessment of statements

• Analysis of own vulnerability and defense options — prioritization of measures and quick wins

Objectives:

• Providing a comprehensive overview of classic and modern social engineering techniques
• Demonstrating how psychological decision-making mechanisms influence vulnerability to manipulation
• Explaining fundamental principles of persuasion and influence so participants can identify manipulation patterns and develop counter-strategies
• Presenting nonverbal indicators (micro-/macroexpressions) for better assessment of conversation situations
• Introducing questioning techniques for finding the truth and their practical application in interviews and incident investigations
• Practical classification of OSINT methods, spoofing techniques and deepfakes with focus on detection, prevention and legal framework conditions
• Developing awareness and incident playbooks to minimize social attack surfaces

Target audience:

• IT Security Management
• Pentesters
• Red and Blue Teamers
• CISOs

Prerequisites:

 

To be able to follow the learning pace and content of the workshop SC300 Social Engineering Basics effectively, basic to advanced knowledge in the field of Social Engineering is recommended.

Description:

The course offers a compact, practice-oriented overview of social engineering: from OSINT research to technical attack vectors and physical access methods. In addition, key psychological concepts are explained as an introduction—including the distinction between fast-thinking and reflective thinking (Kahneman), basic principles of influence (Cialdini), and basic knowledge for recognizing nonverbal signals (Ekman). Furthermore, questioning techniques for truth-finding are presented, which teach structured interviewing and questioning logic in order to evaluate statements and uncover inconsistencies.

The practical part of the seminar includes legally compliant demos and exercises (OSINT speed runs, vishing role-plays, deepfake detection labs, hardware tool stations) as well as the creation of concrete action lists for use in organizations. Special focus is placed on identifying characteristics, organizational protective measures, and the development of effective awareness programs.

Expand your knowledge with expert skills in practice in the advanced course SC305 Social Engineering Practitioner.

Practical examples & exercises (selection)
• OSINT speedrun followed by source criticism and verification
• Vishing role-play with analysis of the psychological techniques used and application