SC305: Social Engineering Practitioner

Training: Security - Governance, Risk & Compliance

Learn how to use modern attack tools and psychological techniques in a practical way. Advanced methods in OSINT, phishing, tailgating, elicitation as well as physical procedures such as lock-picking and RFID spoofing are taught. The course places strong focus on hands-on exercises, documented test procedures and the ability to plan and execute realistic, legally compliant simulations.

Presence training

Start: 2025-12-03 | 10:00 am

End: 2025-12-04 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Presence training

Start: 2026-04-22 | 10:00 am

End: 2026-04-23 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Presence training

Start: 2026-09-09 | 10:00 am

End: 2026-09-10 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Agenda:

  • Deepening social skills and psychological techniques for influencing behavior

  • Practical exercises on questioning and interview techniques (exercises on structured conversation)

  • Setting up and operating credible sockpuppets for authorized testing

  • COA (Course of Action): Creating and documenting attack plans including threat modeling and operational security

  • OSINT workflows with AI-assisted services: automation, verification and source criticism

  • Spear phishing simulations: crafting, delivery and evaluation in an authorized test environment (test infrastructure/simulation mail server)

  • Physical exercises: lock picking, tailgating scenarios, RFID spoofing with Flipper Zero (Flipper Zero distribution per participant; initial application exercises and secure configurations)

  • SMS and call spoofing: demonstration in secured lab environment, detection features and countermeasures (no unauthorized usage)

  • Deepfake workflow (offensive & forensic perspective): generating realistic speech and voice deepfakes on local systems including integration into meeting software

  • Evaluation of the exercises: metrics, reporting and recommendations for stakeholders

  • Conclusion: creation of a legally compliant, reproducible test plan with awareness and remediation recommendations

Objectives:

  • Practical ability to perform professionally documented social engineering tests (planning, execution, reporting)
  • Learning OSINT methods including the effective use of AI services for efficient and verified information gathering
  • Use and secure configuration of Flipper Zero in typical work scenarios as well as initial, secure programming approaches
  • Ability to generate synthetic deepfake samples in legally secured training environments
  • Ability to plan and implement authorized phishing simulation campaigns that serve awareness and security validation purposes
  • Strengthening personal operational competency: Participants are pushed to the limits of their comfort zone through realistic scenarios, learn reflection and de-escalation and receive methods for self-protection and team debriefing

Target audience:

The course SC305 Social Engineering Practitioner is targeted at:

  • IT Security Management
  • Penetration Testers
  • Red and Blue Teamers
  • Security Consultants and Incident Response Teams

Prerequisites:

To effectively follow the learning pace and content of the workshop SC305 Social Engineering Practitioner, we recommend prior participation in the course SC300 Social Engineering Basics or equivalent knowledge.

Description:

The advanced course SC305 Social Engineering Practitioner combines in-depth theoretical input with a high proportion of hands-on exercises. Each participant receives a Flipper Zero for use in course exercises and as an introduction to daily work; initial use cases, secure configurations and basic programming are taught. The OSINT sessions cover automated research pipelines, data aggregation and verification strategies using AI services.

Phishing exercises and deepfake lab experiments are conducted exclusively in authorized, isolated test environments, or only with written consent and within a clearly defined scope; the objective is to strengthen detection, defense and forensics capabilities, not to enable unauthorized attacks. At the same time, the course trains realistic role-playing and scenarios that deliberately bring participants to the edge of their personal comfort zone, accompanied by debriefings, ethical reflection and psychological safety measures.

Goodies included in course price:
VM for Social Engineering, Lock-Picking Set, Flipper Zero

Hands-on exercises & equipment (extract)
• Flipper Zero (basic setup, initial secure scripts)
• OSINT lab with AI support (verification, prioritization, source criticism)
• Phishing simulation lab (test mail server, monitoring, reporting)
• Deepfake lab (generating controlled samples for detection exercises and awareness)
• SMS/Call spoofing demonstration (lab)
• Physical hacking station: lock picking, RFID tests, tailgating scenarios
• Reporting workshop: creation of a legally secured test report and action recommendations

Legal & ethics notice
All practical work is bound to strict legal and ethical requirements. Generation or distribution of synthetic content and live spoofing are conducted only in controlled, authorized environments; unauthorized attacks are not taught or promoted. Participants also learn the required documentation, consent processes and compliance requirements for legal test assignments.

Learning control / certificate
Practical final assignment: development and presentation of a complete, legally compliant social engineering test plan including test scope, methodology, risk management and reporting. Upon successful completion, participants receive a certificate as well as an individual best practice checklist.

Guaranteed to take place:

from 2 attendees

Booking information:

Duration:

2 Days

Price:

1.590,00 € plus VAT.

(including lunch & drinks)

Authorized training partner

NetApp Partner Authorized Learning
Commvault Training Partner
CQI | IRCA Approved Training Partner
Veeam Authorized Education Center
Acronis Authorized Training Center
AWS Partner Select Tier Training
ISACA Accredited Partner
iSAQB
CompTIA Authorized Partner
EC-Council Accredited Training Center

Memberships

Allianz für Cyber-Sicherheit
TeleTrust Pioneers in IT security
Bundesverband der IT-Sachverständigen und Gutachter e.V.
Bundesverband mittelständische Wirtschaft (BVMW)
Allianz für Sicherheit in der Wirtschaft
NIK - Netzwerk der Digitalwirtschaft
BVSW
Bayern Innovativ
KH-iT
CAST
IHK Nürnberg für Mittelfranken
eato e.V.
Sicherheitsnetzwerk München e.V.