+49 (911) 80 10 30

Give us a call or have us call you back!

Simply leave a message with your callback appointment

Your Name *

Your phone number *

Callback date *

Callback time *

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.

* All fields marked with an asterisk are mandatory fields.
Send a message

Your Name *

Your email *

Your phone number

Your request *

In order to process your request, it is necessary to process the data you provide. This means that by submitting the contact form, you consent to your data being processed (see Privacy Policy). You can object to the processing of your data at any time.*

* All fields marked with an asterisk are mandatory fields.
Social Media

Share page

SC305: Social Engineering Practitioner

Training: Security - Governance, Risk & Compliance

Learn how to use modern attack tools and psychological techniques in a practical way. Advanced methods in OSINT, phishing, tailgating, elicitation as well as physical procedures such as lock-picking and RFID spoofing are taught. The course places strong focus on hands-on exercises, documented test procedures and the ability to plan and execute realistic, legally compliant simulations.

Appointment selection

Appointments in German language (3)


Presence training	2025-12-03 \| 10:00 am	2025-12-04 \| 04:00 pm	Nürnberg
Presence training	2026-04-22 \| 10:00 am	2026-04-23 \| 04:00 pm	Nürnberg
Presence training	2026-09-09 \| 10:00 am	2026-09-10 \| 04:00 pm	Nürnberg

Possible course languages: German

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Presence training

Start: 2025-12-03 | 10:00 am

End: 2025-12-04 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Presence training

Start: 2026-04-22 | 10:00 am

End: 2026-04-23 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Presence training

Start: 2026-09-09 | 10:00 am

End: 2026-09-10 | 04:00 pm

Location: Nürnberg

Price: 1.590,00 € plus VAT.

Request prefered appointment period:

Your Name *

Your email *

Your phone number

Preferred period from *

Preferred period to *

Number of participants *

Your message

* All fields marked with an asterisk are mandatory fields.

Agenda:

Deepening social skills and psychological techniques for influencing behavior

Practical exercises on questioning and interview techniques (exercises on structured conversation)

Setting up and operating credible sockpuppets for authorized testing

COA (Course of Action): Creating and documenting attack plans including threat modeling and operational security

OSINT workflows with AI-assisted services: automation, verification and source criticism

Spear phishing simulations: crafting, delivery and evaluation in an authorized test environment (test infrastructure/simulation mail server)

Physical exercises: lock picking, tailgating scenarios, RFID spoofing with Flipper Zero (Flipper Zero distribution per participant; initial application exercises and secure configurations)

SMS and call spoofing: demonstration in secured lab environment, detection features and countermeasures (no unauthorized usage)

Deepfake workflow (offensive & forensic perspective): generating realistic speech and voice deepfakes on local systems including integration into meeting software

Evaluation of the exercises: metrics, reporting and recommendations for stakeholders

Conclusion: creation of a legally compliant, reproducible test plan with awareness and remediation recommendations

Objectives:

Practical ability to perform professionally documented social engineering tests (planning, execution, reporting)
Learning OSINT methods including the effective use of AI services for efficient and verified information gathering
Use and secure configuration of Flipper Zero in typical work scenarios as well as initial, secure programming approaches
Ability to generate synthetic deepfake samples in legally secured training environments
Aability to plan and implement authorized phishing simulation campaigns that serve awareness and security validation purposes
Strengthening personal operational competency: Participants are pushed to the limits of their comfort zone through realistic scenarios, learn reflection and de-escalation and receive methods for self-protection and team debriefing

Target audience:

The course SC305 Social Engineering Practitioner is targeted at:

IT Security Management
Penetration Testers
Red and Blue Teamers
Security Consultants and Incident Response Teams

Prerequisites:

To effectively follow the learning pace and content of the workshop SC305 Social Engineering Practitioner, we recommend prior participation in the course SC300 Social Engineering Basics or equivalent knowledge.

Description:

The advanced course SC305 Social Engineering Practitioner combines in-depth theoretical inputs with a high proportion of hands-on exercises. Each participant receives a Flipper Zero for use in course exercises and as an introduction to daily work; initial use cases, secure configurations and basic programming are taught. The OSINT sessions cover automated research pipelines, data aggregation and verification strategies using AI services.

Phishing exercises and deepfake lab experiments are conducted exclusively in authorized, isolated test environments or only within the scope of written consent and clearly defined scope — the objective is to strengthen detection, defense and forensics capabilities, not to enable unauthorized attacks. Simultaneously, the course trains realistic role-playing and scenarios that deliberately bring participants to the edge of their personal comfort zone — accompanied by debriefings, ethical reflection and psychological safety measures.

Goodies included in course price:
VM for Social Engineering, Lock-Picking Set, Flipper Zero

Hands-on exercises & equipment (extract)
• Flipper Zero (basic setup, initial secure scripts)
• OSINT lab with AI support (verification, prioritization, source criticism)
• Phishing simulation lab (test mail server, monitoring, reporting)
• Deepfake lab (generating controlled samples for detection exercises and awareness)
• SMS/Call spoofing demonstration (lab)
• Physical hacking station: lock picking, RFID tests, tailgating scenarios
• Reporting workshop: creation of a legally secured test report and action recommendations

Legal & ethics notice
All practical work is bound to strict legal and ethical requirements. Generation or distribution of synthetic content and live spoofing are conducted only in controlled, authorized environments; unauthorized attacks are not taught or promoted. Participants also learn the required documentation, consent processes and compliance requirements for legal test assignments.

Learning control / certificate
Practical final assignment: development and presentation of a complete, legally compliant social engineering test plan including test scope, methodology, risk management and reporting. Upon successful completion, participants receive a certificate as well as an individual best practice checklist.