I’ve recently taken the Social Engineering Expert course from RedTeam Security. If you don’t know about them, check out their articles and videos about their engagements; they’re doing some really cool stuff. In this post I will share my impressions about the course.
First of all, the author of the course is also the founder of RedTeam Security, Jeremiah Talamantes. He’s authored a book called The Social Engineer’s Playbook: A Practical Guide to Pretexting, which I haven’t tried yet. He is clearly very experienced and throughout the course, he’s sharing various stories from the operations he’s conducted.
The course is priced at $59, but there are discounts every now and then. The training is video-based, where the instructor is sharing slides and talking about the topics. There are some valuable documents that can be downloaded, mainly templates and sample models for social engineering reports, plans and field notes guides. These can be used as starting points for your own operations.
As for the main structure of the course, it is as follows:
Introduction to social engineering – this covers the terminology around SE (it’s getting tiring to type that) and goes through several examples
Attack vectors – very useful section for actually conducting an SE campaign, it goes over different techniques and tools for social engineering your target, with actionable tips that you can use right away to enhance your operations. It also summarizes an attack in a very clear way, through the Social Engineering Kill Chain.
Methodology – this is another very practical section that covers planning and execution.
Information gathering – physical and digital techniques for information gathering. There is a gear list for physical reconnaissance that makes for a good reference. However, I found the digital side to be under-represented: only Maltego and Metagoofil are discussed. I would have expected at least a breakdown of the SET functionality, and more demos about OSINT and conducting phishing campaigns.
Psychology & manipulation – very applicable in day-to-day life, not limited to the field of security and SE, this describes various influencing and elicitation techniques that can be used to gain information or an expected behavior from a target. Not only that, but it also gives you awareness of such techniques being used on you.
Non-verbal communication – this is where micro expressions and body language are discussed. It essentially gives you a roadmap for reading people’s true feelings and intentions, detecting lies, and masking your own thoughts. Very practical to be aware of these things in all kinds of settings and social interactions.
All in all, I’ve really enjoyed this course and highly recommend it. What would have made it even better would have been a practical component in order to complete it, a lab or task around phishing / OSINT, especially since at the end you get a certification. That being said, this is a very solid course and you don’t need to be social engineered to get it :D