Inside and Out of the Social-Engineer Toolkit (SET)

Overview

The Social-Engineer Toolkit is an open-source standard for penetration testers to test the effectiveness of their overall education and awareness programs. SET is designed to couple sophisticated and targeted attacks and leverage the human element to make an extremely large attack. SET has been featured on BBC, the History channel, and a number of other media outlets and used by penetration testers across the world. This course will cover how to leverage sophisticated attack vectors using the social-engineer toolkit and how to customize it during a penetration test.

Some additional information

• Here's SET on the History channel: http://vimeo.com/34539161
• Talk I did that has some portions of SET at Defcon 19: http://vimeo.com/29282237
• DerbyCon talk with Kevin Mitnick includes SET: http://vimeo.com/31663242
• A link to the DerbyCon 2011 training given that sold out: http://www.derbycon.com/training-2011/

Who should attend

Penetration testers, security enthusiasts, IT personnel Student Requirements, experience/expertise: Those with basic experience of Linux and penetration testing

What to bring

Students must have a virtual machine or computer with the latest BackTrack Linux distribution. Students must also have a Windows XP or Windows 7 machine which can be fully patched to perform the social-engineering attacks on.

Materials Supplied

• A copy of the book Metasploit: The Penetration Testers Guide
• A free Teensy device used to perform social-engineering attacks

Trainer

Dave Kennedy is founder and principal security consultant of TrustedSec, LLC - An information security consulting firm located in Cleveland Ohio. David was the former Chief Security Officer (CSO) for a Fortune 1000 where he ran the entire information security program. Kennedy is a co-author of the book "Metasploit: The Penetration Testers Guide," the creator of the Social-Engineer Toolkit (SET), and the creator of Artillery. Kennedy has presented on a number of occasions at Blackhat, Defcon, ShmooCon, BSIDES, Infosec World, Notacon, AIDE, ISACA, ISSA, Infragard, Infosec Summit, and a number of other security-related conferences. Kennedy has been interviewed by several news organizations including BBC World News. Kennedy is on the Back|Track and Exploit-DB development team and co-host of the Social-Engineer.org podcast and regular on ISDPodcast. Kennedy is one of the co-authors of the Penetration Testing Execution Standard (PTES); a framework designed to fix the penetration testing industry. Kennedy is the co-founder of DerbyCon, a large-scale conference in Louisville Kentucky. Prior to Diebold, Kennedy was a VP of Consulting and Partner of a mid-size information security consulting company running the security consulting practice. Prior to the private sector, Kennedy worked for the three letter agencies and deployed to Iraq twice for intelligence related missions.