Play by Play is a series in which top technologists work through a problem in real time, unrehearsed, and unscripted. In this course, Play by Play: A Penetration Tester’s Guide to Social Engineering, Stephen Haunts and Lars Klint are going to delve into the shadowy world of social engineering. Learn about information gathering, pre-texting, and manipulation. By the end of this course, you’ll know a wide range of techniques that you can use to protect yourself and your company from a social engineering attack.
Stephen Haunts is an experienced Software Developer and Leader who has worked across multiple business domains including Computer Games, Finance, and Healthcare Retail and Distribution. Stephen has worked in languages ranging from Assembler, various forms of BASIC, to C and C++, and then finding his love of C# and .NET.
Lars is an author, trainer, Microsoft MVP, community leader, authority on
all things Windows Platform, and part time crocodile wrangler. He is heavily
involved in the space of HoloLens and mixed reality, as well as a published
Pluralsight author, freelance solution architect, and writer for numerous
Course Overview Hi everyone. Welcome to our Play By Play course called A Penetration Tester's Guide to Social Engineering. My name is Stephen Haunts, and I'm software developer, leader, and trainer. And I'm Lars Klint, a freelance software developer, trainer, international speaker, and expert in Australian outback internet. Yes, that is really a thing. In this Play By Play course, we're going to delve into the shadowy world of social engineering. Social engineering is a series of techniques used to extract information from people for their own gain. The majority of the time, this is used for illegal gain by criminals, but social engineering is also used by people such as penetration testers to try and gain access to companies and their systems via their employees. In this Play By Play, me and Lars are going to cover a framework of social engineering that covers information gathering, pretexting, elicitation, and manipulation. We're going to go over some of the techniques used by social engineers to extract information from people. We will then cover lots of techniques that you can use to protect yourself and your companies from a social engineering attack. I hope you'll join me and Lars on this journey to learn about the fascinating world of social engineering in our Play By Play course, A Penetration Tester's Guide to Social Engineering here at Pluralsight.
A Framework for Social Engineering Cool, so now we've looked at precedence of what social engineering can be, what impersonation is, let's have a look at, you were mentioning a framework for how, well let's say implement it for lack of a better word. Yeah, so we'll take a high-level look at a framework that you would follow to plan an attack, a social engineering attack against someone. So if we look at the diagram we have on the screen here, it's split into four stages. So first of all we start off with information gathering, and then we've got pretexting, followed by elicitation, and then manipulation. So let's go through each of those in turn. Sure.