As a security professional, you need to test non-technical attack vectors within your engagement. We’ll look at different tools that we can use to bypass locks, motion sensors, and even users themselves.
Security professionals tend to focus on the technical aspects of attacks and forget that infrastructures can also be compromised by non-technical hacks.
If non-technical attacks such as social engineering and physical security testing are within the scope of your pen-testing engagement, you will want to hold off on moving into active reconnaissance. In this course, Performing Non-Technical Tests for CompTIA PenTest+, you will gain the ability to truly evaluate the non-technical (digital) aspects of a penetration test. First, you will learn how social engineering can manipulate users into doing things they normally wouldn't do. Next, you will discover how easy it is to implement a USB drop and how effective it still is today. Finally, you will explore how to circumvent the physical security controls in place. When you’re finished with this course, you will have the skills and knowledge a security professional needs to perform non-technical penetration tests.
Dale Meredith has been a Certified Ethical Hacker/Instructor EC-Council for the past 15 years, and Microsoft Certified Trainer for over 20 years. Dale also has an additional 7 years of senior IT management experience and worked as a CTO for a popular ISP provider. Dale's expertise is in explaining difficult concepts and ensuring his students have an actionable knowledge of the course material.
Course Overview

Hi, my name is Dale Meredith, and I want to welcome you all to my course, Performing Non-Technical Tests for CompTIA PenTest+. Now, this course is actually part of a series for the CompTIA PenTest+ Certification program. Hey, but don't worry, I'm going to go over and cover other information that's actually more real world here for you so that you get a little bit more bang for your buck. And this course is actually really fun. It's one of my favorites because it's about how to gain more information about your target in a PenTest without using a computer. Listen, if you're not familiar with this type of attack, you should be because attackers spend a lot of their time gathering information about their target through non-technical attacks. In fact, this type of an attack can expose some, shall we say, interesting opportunities. We're going to go through first and we'll learn about things like social engineering and understand why the attack method works so well. Then we'll go through and take a look at the infamous USB drop and how to successfully deploy your evil little minions. Then we'll really have some fun by attacking the physical aspects of the target including how to duplicate RFID badges, bypassing a locked door, yeah, and even using the Social-Engineering Toolkit to craft some really cool phishing campaigns. By the end of this course, you'll have all the skills and knowledge to perform your own non-technical attacks on your target, or maybe even your own company. But remember, just because you can doesn't mean you can. You have to get permission. Now, before you start this course, you should be somewhat familiar with basic network technologies. You should also be familiar with operating systems like Windows, as well as Kali Linux. And, you need to make sure that you go back and watch and set up, it's kind of a requirement, the lab environment from our course Laying the Foundation for Penetration Testing for CompTIA PenTest+.
That's a long one, huh? Now after you watch this course, you should feel a lot more comfortable about diving into other courses within this series, including how to do active reconnaissance, as well as even hacking systems. You might even explore in the Ethical Hacking series. Listen, you can never have enough information, right? So, I hope you'll join me on this journey as we learn how to think and do things like attackers without getting caught because, hey, you're Performing Non-Technical Tests for CompTIA PenTest+, here at Pluralsight.