course aims in Estonian
To give students basic knowledge of the nature of social engineering (mainly in the ICT context) and of its main forms, methods and techniques (including hybrid attacks containing a technological component), as well as of protective measures against it.
course aims in English
To provide the students with basic knowledge about Social Engineering (mostly in the context of ICT), its common forms and techniques (including hybrid attacks involving technological components), and main countermeasures against it.
learning outcomes in the course in Est.
On completing the course, the student:
- knows the nature of social engineering and its main types and methods;
- recognizes manipulation attempts and acts according to the situation;
- has an overview of measures for avoiding social engineering in terms of technology, training and regulations/rules.
learning outcomes in the course in Eng.
The student will:
- know the essence of Social Engineering and its common forms and techniques;
- recognize Social Engineering attempts and act accordingly;
- have an overview of the measures to prevent Social Engineering involving technology, training and policy/regulations.
brief description of the course in Estonian
The course consists of 8 lectures on different topics (based on Christopher Hadnagy's book "Social Engineering: The Art of Human Hacking", supplemented with a number of other sources) and 4 practical exercise sessions. The participants are divided into 4 groups; each group is responsible for running one exercise session (it chooses a topic and prepares a presentation and experiments, role plays or similar carried out with the participation of the other groups), and each group agrees the general subject area with the lecturer itself. In addition, each participant writes a paper of about 5-10 pages on a topic of their own choice that is relevant to the course.
Main topics covered:
1. Information gathering.
2. Influencing and eliciting the needed information.
3. Role play and its prerequisites.
4. The psychology of social engineering.
5. The art of persuasion.
6. The social engineer's tools.
7. Examples and case descriptions.
8. Countermeasures: avoidance and reducing the impact.
brief description of the course in English
The course consists of 8 lectures covering various aspects of Social Engineering (the main approach is based on the book Social Engineering: The Art of Human Hacking by Christopher Hadnagy, complemented with assorted other sources) and 4 practical labs/seminars. The participants will be divided into 4 groups, and each group will be responsible for one lab (it chooses the main topic and compiles a presentation and exercises/experiments done with the participation of other students); the main topic of each lab will be agreed with the lecturer beforehand. In addition, each participant is to write a 5-10 page paper on a freely chosen but course-related topic.
The main topics of the course are:
1. Information gathering.
2. Elicitation.
3. Pretexting.
4. Psychological principles in SE.
5. Influence and persuasion.
6. Tools of SE.
7. Case studies and examples.
8. Prevention, mitigation and counters.
type of assessment in Estonian
-
type of assessment in English
-
independent study in Estonian
-
independent study in English
-
study literature
The list includes, but is not limited to:
- ANDRESS, Jason. The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice. Syngress 2011
- CONTOS, Brian T. Enemy at the Water Cooler: Real-Life Stories of Insider Threats and Enterprise Security Management Countermeasures. Syngress 2006
- GRAGIDO, Will, PIRC, John. Cybercrime and Espionage: An Analysis of Subversive Multi-vector Threats. Syngress 2011
- GRAGIDO, Will et al. Blackhatonomics: An Inside Look at the Economics of Cybercrime. Syngress 2013
- HADNAGY, Christopher. Social Engineering: The Art of Human Hacking. Wiley Publishing 2011
- LONG, Johnny. No Tech Hacking: A Guide to Social Engineering, Dumpster Diving and Shoulder Surfing. Syngress 2008
- LONG, Johnny et al. Google Hacking for Penetration Testers. Third Edition. Syngress 2016
- MITNICK, Kevin D., SIMON, William L. The Art of Deception: Controlling the Human Element of Security. Wiley Publishing 2003
- MITNICK, Kevin D., SIMON, William L. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders & Deceivers. Wiley Publishing 2005
- NISSEN, Thomas Elkjer. The Weaponization of Social Media: Characteristics of Contemporary Conflicts. Royal Danish Defence College 2015 (also available at https://www.stratcomcoe.org/thomasnissen-weaponization-social-media)
study forms and load
daytime study: weekly hours
1.5
session-based study work load (in a semester):