Intense Social Engineering.
The AntiSocial Engineer hosts intensive courses aimed at people wishing to learn more about social engineering. We will provide a unique insight into both our own ethical social engineering assessments and malicious social engineering in the wild that we have helped stop. In a friendly small group scenario we will supply all software and tools that will be needed to follow along with practical workshops, provide live demos to hone your attacking skills and teach you the techniques needed to protect against social engineering attacks.
Starting on an easier to follow foundation level, we will cover the basics of realistic social engineering, advancing through the techniques used by active campaigns. We aim to apply this knowledge to a corporate scenario, giving security personnel the skills needed to implement a good level of social engineering defence within their organisation.
1 Day – Foundational Level
OSINT - Making the most of the openly available data around you.
Staff Enumeration - Whilst automation is easy, we look at the smarter ways to collect data online.
Phishing - An overview of how phishing servers are created and maintained in ethical and malicious campaigns.
Telephony - SMShing and common voice based telephony attacks.
2 Day – Advanced Level
Everything covered on our one day course and....
Pretexting, Ellicitation, Quid Pro Quo - We will look at the underlying techniques and psychology used by social engineers.
What can an organisation do to stop this? - Practical tips and advice on implementation.
Redteaming - An indepth look at real redteam assesments. We share what we have learnt so you can protect your organisation against physical attacks.
Post 2018 - Trends in social engineering and how the attacks will vary in the future.
Book Your Space.
Most sessions will be held at a our custom training room:
In June the location is a prestigious London boardroom situated near Canary Wharf and training will align with the neighbouring cyber security events in the first week of June, such as Information Security Europe and BSides London. The following will be provided at no extra charge on each day:
Parking (Subject to booking availabilty)
Brunch and morning refreshments
Here’s All The Training.
Here’s All The Training.
Classroom Based Learning
cyber security sessions for groups and businesses that want a selection of people to receive a basic understanding of social engineering.These intimate sessions give everyone the chance to ask questions, get involved in something so much richer than another powerpoint presentation. Information security can be a dry subject – let us teach you in a fun way.
Call Centre Training
If you run a call centre you will be aware just how many inbound calls could be deemed malicious. Fraudsters regularly target call centres to obtain information about their target. With many call centres in the UK being operated on behalf of third parties it is essential your call centre is not accidentally disclosing information. Protection from ‘Vishing’ calls comes from having staff that recognise the tell-tale signs of a fraudster. The AntiSocial Engineer Limited can: Test call centre staff on how they handle authentication with Telephone Attacks. Review independently your businesses call centre operations. Offer training to department managers in how to train effective teams. Train call centre employees directly to spot the signs, how to comply with the requirement of the data protection act and more.
Phishing Awareness Campaigns
Phishing awareness campaigns aim to provide a positive security culture within your organisation by focusing on click rate reduction and staff awareness. All members of staff are assessed with bespoke email templates, which can lead to a login portal for credential input and a clear journey that always results in an educational landing page. This type of assessment gives your organisation the insight to usable statistics for continual improvement and can be arranged on a more frequent basis for increased impact. Email Template Design & Portal Design We dynamically evolve our template creation based upon our findings and investigation into your organisation. For instance if your organisation uses a certain kind of SSL VPN we will look to fraudulently clone that exact brand and version, making our campaigns realistic. In a similar fashion phishing emails will follow staff profiling, ensuring every email received has a certain lure that cant be replicated with traditional ‘point and click’ solutions elsewhere.
Click Rate Reduction
Whilst security is almost always multifaceted, sometimes your organisation is tasked with one simple task – Get the click rate down!
Working in response to employee testing we can assess your organisation’s ‘click rate’ this benchmark allows us to analyse just how many people would click the link within an email, then we can work on getting it down and improve upon it. Training can be supplied in many formats; 1-2-1 Sessions, Teacher-Class, Online assessment and Literature.
Bespoke solutions are tailored to fit your business and educate your staff in the best ways possible. After training, we believe in retesting to monitor training effectiveness.
- Combined effectively with ‘Professional Services – Phishing’
- Always the best training medium for your employees
Daily Consultancy Service
When your business is focusing on social engineering prevention you might need advice that tailored to your organisation. The AntiSocial Engineer Limited can offer our specialised consultancy services and report on events that are affecting your organisation, using our knowledge can decrease the likely hood of a data breach or financial loss. By using our consultancy service we can help with understanding risks, analyse existing threats and transfer essential knowledge. Consultancy can also be an easy way to commission services fast, in order to provide agile security implementations.
Our principal consultant Richard De Vere is available for speaking engagements.A range of talk styles are available, from briefing a board room to teaching a school.
We are the only company in the UK to offer a full SMShing campaign, by combining consultant managed campaigns with the carrier level contacts we have we can offer you a truly unique service.
Very similar to how a phishing email works, SMShing will focus on text messages and attacks against staff mobile phones. These can be generic messages or highly focused ‘spears’ akin to Spear Phishing Emails. User statistics such as click through rates of enclosed links, browser & device information are obtained and reported on.
SMShing is a commonly used attack vector in the wild yet few businesses adopt assessments into their testing habits. Choosing to defy this trend, your business could benefit from the foresight in testing staff.
- Bulk SMS messages can be sent, covering 1 member of staff to a million.
- Custom sender ID, we can mask the sender with a custom name.
- Full data analytics, every text message traced, Every click and time saved.
- Guide users to reply with information, click a link or even navigate to a custom login portal that will harvest credentials – right from their mobile phone in seconds.
- Secure data, Your staff data is in good hands every step of the way. We work directly with the nation’s safest SMS service centres.
Contact Us 24/7
T: 0333 9874257