RT-SOEN – Social Engineering

Categories: English, Social Engineering

About Course

*** Currently available at a reduced price while video lessons are in production. All written lessons and assessments are complete and fully accessible now. Video content will be added over the coming months at no additional cost to enrolled students. ***

This course lays out a complete, professional curriculum for authorized offensive social engineering within red-team programs. You will learn human-centric tradecraft from first contact to closeout: elicitation, influence, pretext design, and how to blend these skills with physical covert campaigns and hybrid ops. The course covers target research, story framing, voice and presence, space cues, timing, and escalation control, all anchored to clear Rules of Engagement and safety protocols. Learners practice comms and deconfliction, document every action for audit, and produce reusable artifacts such as pretext briefs, wardrobe and prop lists, comms trees, and AAR templates. The result is a team that executes cleanly, protects the client and the operator, and can prove its work.

Design and validate social engineering campaigns that support covert and hybrid engagements
Create ethical, authorized pretexts and escalation paths for human interaction testing
Map human attack surface including suppliers, contractors, and employee behaviors
Convert social findings into operational inputs, detection tests, and mitigations
Coordinate social campaigns with physical and tech-based actions

Course Content

Foundations of Offensive Social Engineering

Definitions, scope and ethical boundaries for authorized SE
Integration of social engineering into red-team campaigns
Authorization, consent, and escalation protocols
Balancing realism with legal/ethical limits
Measuring impact and defensibility

Human Attack Surface Mapping

Pretext Development & Narrative Design

About Course

What Will You Learn?

Course Content

Foundations of Offensive Social Engineering

Definitions, scope and ethical boundaries for authorized SE

Integration of social engineering into red-team campaigns

Authorization, consent, and escalation protocols

Balancing realism with legal/ethical limits

Measuring impact and defensibility

Human Attack Surface Mapping

Identifying target roles, vendor touchpoints and insider pathways

Persona-driven mapping of influence vectors

Social graph construction from OSINT and HUMINT

Prioritizing human targets by access value

Documenting human-surface provenance

Pretext Development & Narrative Design

Building believable pretexts for physical and remote approaches

Layered narratives: plausibility, backstory, and contingencies

Persona blending and role alignment

Validation and rehearsal workflows

Pretext risk assessment and kill-switches

Elicitation, Conversational Techniques & Influence

Open vs closed elicitation strategies for information gain

Framing, mirroring, and behavioral levers in conversational flow

Time-based elicitation and scheduling tactics

Ethical escalation and safe disengagement methods

Documentation of elicitation outcomes for auditability

In-Person Social Engineering & Covert Contact

Approach patterns and non-confrontational engagement tactics

Using physical presence to collect behavioral and environmental cues

Managing suspicion and exit strategies

Safety considerations for in-person contacts

Recording and reporting in-person interaction results

Telephony & Voice-based Operations

Call planning, plausible caller identities and escalation paths

VoIP vs PSTN considerations for operations

Voice elicitation techniques and call steering

Call recording, consent, and legal constraints

Handoff templates for follow-up technical actions

Digital Social Engineering (Phishing, Vishing, SMiShing)

Campaign design and targeting strategies

Safety controls for phishing simulations and containment

Landing pages, telemetry capture, and evidence tagging

Coordination with IR and SOC to prevent accidental escalations

Measuring success vs detection outcomes

Vendor & Third-Party Social Engineering

Targeting suppliers, contractors and outsourced staff ethically

Exploiting vendor processes and delivery relationships

Payment, procurement, and authority spoofing narratives

Mapping third-party human touchpoints to operational objectives

Vendor escalation and coordination templates

Insider-Influence & Recruitment (Ethical Considerations)

Distinguishing recruitment, elicitation, and coercion risks

Ethical and legal limits for insider-focused campaigns

Indicators of voluntary vs coerced insider behavior

Safe reporting and mitigation pathways

Use-case scenarios for detection testing without harm

Physical-Linked SE Campaigns (Door, Delivery, Escorting)

Coordinating social actions with physical ingress attempts

Using delivery and parking narratives to enable access

Escort prompting and visitor management exploitation (authorized)

Timing and sequencing social cues with recon activities

Safe abort criteria when social cues fail

OpSec, Anonymity & Digital Footprint Management

Protecting operational identities and traces

Pseudonym creation, persona hygiene and operational layering

Digital footprint minimization for long campaigns

Credential separation and compartmentalization

Post-operation identity clean-up processes

Legal, Ethical & Psychological Safety Considerations

Informed authorization and stakeholder sign-offs

Psychological safety for targets and operators

Handling sensitive disclosures during operations

Regulatory triggers and mandatory reporting

Debriefing and support for affected personnel

Tools, Templates & Campaign Orchestration

Campaign management platforms and scheduling tools

Evidence capture templates for social interactions

Playbooks for multi-channel social campaigns

Automation vs manual engagement trade-offs