Social Engineering Operations
The art of human hacking. Pretexting, elicitation, and physical security assessments.
Curriculum
20 Modules
The Psychology of Influence
Why we click. Cialdini's 6 Principles of Influence.
Open Source Intelligence (OSINT) for SE
Building a target profile to customize your attack vectors.
Pretexting: The Art of the Lie
Creating believable backstories, props, and personas.
Phishing: Crafting the perfect email
Domain spoofing, typosquatting, and persuasive copywriting.
Spear Phishing & Whaling
Targeting high-value individuals (CEOs/CFOs) with hyper-personalized attacks.
Vishing (Voice Phishing)
Phone elicitation techniques. Spoofing Caller ID and overriding suspicion.
Smishing (SMS Phishing)
Exploiting trust in mobile messaging and delivery notifications.
Impersonation Tools
Using Gophish, Evilginx2, and LinkedIn scrapers.
Physical Security: Lock Picking
Basics of pin tumbler locks and bypass tools.
Physical Security: Tailgating
Accessing secure facilities by following authorized personnel.
Physical Security: RFID Cloning
Cloning access badges (HID Prox/iClass) with Proxmark3.
USB Drops & Baiting
Leaving infected media in parking lots and lobbies.
Elicitation Techniques
Extracting sensitive info without asking questions (The "My Project is similar" technique).
Deepfakes & AI Impersonation
Cloning voices and faces for advanced vishing attacks.
Dumpster Diving
Recovering sensitive documents from trash (Legal & Ethical boundaries).
Micro-Expressions
Reading facial cues to detect lies or discomfort in your target.
Reporting SE Assessments
Writing reports that emphasize "Human Risk" without shaming employees.
Defense: Security Awareness Training
Building programs that actually change culture (Phishing simulations).
Legal & Ethical Boundaries
Designing Rules of Engagement (RoE) and "Get Out of Jail Free" letters.
Capstone: The Heist
A full-scope Red Team engagement plan involving physical and digital SE.