April Wright is an information security speaker, author for O'Reilly, community leader, and a generalist hacker with 25+ years of breaking, making, fixing, and protecting "all the things" while playing roles on offensive, defensive, reactive, operational, and development teams. April has collected dozens of certifications to add letters at the end of her name and recently almost died in Dracula's secret staircase. Nevertheless, she persisted and still roams the globe teaching both hackers and non-security people how to protect personal privacy and the most important assets that impact our lives. She has been a speaker and contributor at conferences including BlackHat, DefCamp, DerbyCon, OWASP and ISSA, started multiple businesses, co-founded the Boston DC617 community, and you may have spotted her replying to your Global DEF CON Groups emails. April is a polymath who has been working with Verizon to build more secure software from the ground up by wielding a pragmatic SDLC carrot-stick guidance system and performing risk reduction with a vengeance via comprehensive governance and compliance programs for massive global infrastructures. April once read on 'teh interwebs' that researchers at the University of North Carolina released a comprehensive report in 2

Jayson E. Street is the author of the book series "Dissecting the hack", and serves as a Global Ambassador for the Defcon Groups – The longest running hacking conference in the world. Additionally, Jayson serves as the Vice President of InfoSec for SphereNY. Highly sought as a global industry leader, he speaks at dozens of venues each year in the technical, business and academic arenas. Some examples from the past twelve months include: Defcon, DerbyCon, GRRCon, National Chamber of Commerce Events, National Banking Industry Events, National Private Security events as well as several other 'CONs and colleges on a variety of Information Security subjects in the United States and across the world. Jayson has been recognized for various achievements over the years including his nomination as one of Time's persons of the year in 2006.

OVERVIEW


The ability to "think like an attacker" is the best way to defend against attacks. Your employees are your biggest asset, but also at the biggest risk for social engineering (SE). Awareness is the best defense against SE threats. Class activities will introduce students to profiling the online presence of employees and enterprises, as well as performing hands-on attacks against WiFi and physical computers. After successful completion of this course, students will have a better understanding of how to detect and/or prevent SE events by looking at their defenses from a different perspective. Students will gain insight into how to educate others and create greater awareness about the various dangers that can occur. Students will also learn about operational security (OPSEC) for defense against attacks. The primary goal of this course is to demonstrate vulnerabilities with the intent of substantially increasing the security posture of an organization by implementing changes to better handle malicious SE attacks. This 2-day course will use current Red Team strategies to develop a better understanding of how attackers use SE, as well as provide methods to prevent and detect these attacks via awareness programs and "teachable moments". A custom Hak5 Field Kit will be provided to each student for use during the class, which students will be able to keep and take home.






What someone would get out of the class:


  • Understand common attack vectors for social engineering
  • OSINT techniques:
    • Social media
    • Specialized tools and Deep Web searches
    • Website Recon and Plugins
  • How attacks can be customized based on OSINT to be more effective
  • Learn how to use common social engineering attack tools to demonstrate vulnerability
  • Crafting and delivering payloads via:
    • Spearphishing
    • Hak5 Pineapple
    • Hak5 BashBunny
  • Risk evaluation of humans and company footprints
  • Learn from case studies about real-world attacks
  • Gain techniques for OPSEC defense to prevent OSINT attacks
  • Build a foundation for effective security awareness programs






WHO SHOULD TAKE THIS COURSE


  • Security defenders
  • Blue team (Data Forensics, Incident Response, Analysts)
  • Security Auditors
  • Internal Awareness Teams / Trainers
  • Infosec personnel interested in defending against social engineering
  • IT support staff
  • Customer-facing call-centers and similar jobs
  • Anyone interested in learning more about common social engineering attacks







STUDENT REQUIREMENTS


  • No prerequisites, per se
  • Students should have a willingness to try







WHAT STUDENTS SHOULD BRING


  • A laptop with WiFi capability
  • A phone or a tablet with WiFi capability. A 2nd laptop would also work.
  • If required for their laptop (e.g. newer MacBooks), an adapter so the student is able to connect a USB-A cable (e.g. USB-C to USB-A adapter)







WHAT STUDENTS WILL BE PROVIDED WITH

Students will be provided with a custom Hak5 Field Kit that they will get to keep.