Social engineering, the art of influencing individuals to divulge confidential information or take specific actions, is a critical discipline within cybersecurity. For UK-based professionals, ethical hackers, and security enthusiasts, understanding these techniques is essential for defence and responsible testing. The provided source material outlines a range of free online courses, curated resources, and foundational knowledge platforms dedicated to this field. This article summarises the available free educational opportunities, their content, and key resources, focusing exclusively on the information presented in the source documents.
Free Online Courses on Social Engineering
Several platforms offer complimentary courses on social engineering, providing certifications and structured learning materials. These courses are typically available in English and are designed for professionals seeking to enhance their skills or gain foundational knowledge.
Pluralsight Courses
Pluralsight provides multiple free courses on social engineering, each lasting under five hours and culminating in a certificate of completion.
- Ethical Hacking: Social Engineering: This course, taught by Troy Hunt, offers 4-5 hours of material. It is available free of charge, and participants receive an e-certificate upon completion.
- Social Engineering: Executive Briefing: A concise course requiring less than one hour to complete. It is instructed by Stephen Haunts and provides a free e-certificate.
- People Information Gathering with the Social Engineering Toolkit (SET): This sub-one-hour course is taught by Rishalin Pillay. It focuses on using the Social Engineering Toolkit and offers a free Pluralsight e-certificate.
- Specialized Attacks: Physical and Social Engineering: Another brief course (less than one hour) instructed by FC, covering physical and social engineering tactics. A free e-certificate is awarded upon completion.
LinkedIn Learning Courses
LinkedIn Learning offers several free courses on social engineering, typically ranging from one to two hours in duration.
- Ethical Hacking: Social Engineering: Taught by Lisa Bock, this course provides 1-2 hours of content. It is free of charge and includes an e-certificate from LinkedIn Learning.
- Cybersecurity Awareness: Social Engineering: This 1-2 hour course is instructed by Stephanie Ihezukwu. Participants can access it for free and receive an e-certificate.
Udemy Courses
Udemy hosts both free and paid courses on the subject.
- The Art of Hacking Humans: Intro to Social Engineering: A free course taught by Dauda Sule, offering 2-3 hours of material.
- Learn Social Engineering From Scratch: This is a comprehensive, paid course lasting 13 hours, taught by Zaid Sabih and z Security. Upon completion, participants receive an e-certificate. Detailed price information is available on the course page at Udemy.
Other Free Course Providers
Cybrary is mentioned as offering a free course titled "Social Engineering and Manipulation," though specific details about duration or certification are not provided in the source material.
Curated Resources and Tools
Beyond formal courses, several curated lists and portals provide extensive resources for those studying social engineering, emphasising ethical use in controlled environments.
GitHub and Online Portals
- Awesome Social Engineering GitHub Repository: A curated list inspired by the "awesome-*" trend, this repository aggregates resources intended for cybersecurity professionals, penetration testers, and educational use. It includes sections for online courses, Capture the Flag events, psychology books, books, documentation, tools, miscellaneous resources, OSINT (Open-Source Intelligence), and contribution guidelines. The repository explicitly states that no humans were manipulated to create the list.
- The Social-Engineer Portal: Described as a comprehensive site containing "everything you need to know as a social engineer," this portal offers podcasts, resources, frameworks, information about upcoming events, and a blog. It is a central hub for ongoing learning and community engagement.
- Abstract Security Discord Community: A Discord server focused on physical security, with many members active in the physical security business. This community provides a platform for discussion and networking.
Podcasts and Conferences
- The Social-Engineer Podcast: Hosted by a panel of security experts from the SEORG Crew, this semimonthly podcast features discussions with guests from diverse backgrounds. The focus is on human behaviour and its implications for information security.
- Layer 8 Conference and Podcast: This conference and podcast are dedicated to OSINT and Social Engineering, offering insights and discussions relevant to professionals in the field.
Technical Tools for Ethical Social Engineering
For practical application in a controlled, ethical context, a variety of open-source and commercial tools are available. These are designed for penetration testing and security awareness training.
- The Social-Engineer Toolkit (SET): Developed by TrustedSec, SET is a framework for performing social engineering attacks, such as spear-phishing, credential harvesting, and website attacks.
- Gophish: An open-source phishing framework used to create and manage phishing campaigns for security testing.
- King Phisher: A phishing campaign toolkit that allows for the creation and management of multiple simultaneous phishing attacks with custom email and server content.
- wifiphisher: A tool that performs automated phishing attacks against Wi-Fi networks.
- PhishingFrenzy: An open-source Ruby on Rails application leveraged by penetration testers to manage email phishing campaigns.
- Evilginx2: A Man-in-the-Middle (MITM) attack framework used for phishing credentials and session cookies from web services.
- Lucy Phishing Server: A commercial tool designed for delivering security awareness training to employees, including custom phishing campaigns and malware attacks.
Foundational Knowledge and Psychology
Understanding the psychological principles behind social engineering is crucial. The source material highlights key concepts.
- Defining Social Engineering: The Social-Engineer.org portal defines social engineering as "Any act that influences a person to take an action that may or may not be in their best interest." This broad definition acknowledges that social engineering encompasses everyday human interactions, from communication with family to therapeutic settings, not just malicious acts.
- Psychological Basis: Social engineering is effective because it preys on human psychology. Key principles include exploiting trust, where an attacker builds rapport to make persuasion easier, and fear, a powerful emotion that can be used to manipulate people into compliance.
- Examples of Attacks: Common tactics include phishing scams, where attackers impersonate trusted entities like banks to lure victims into clicking malicious links, and pretexting, where an attacker impersonates an authority figure, such as a law enforcement officer, to obtain sensitive information or access.
Ethical and Legal Considerations
A consistent theme across the source material is the emphasis on ethical and responsible use. Resources are explicitly intended for cybersecurity professionals, penetration testers, and educational purposes in controlled environments. Tools like the Social-Engineer Toolkit are designed for defensive testing and security awareness, not for malicious activities. The curated lists and communities focus on professional development and knowledge sharing within a legal and ethical framework.
Conclusion
The provided source material outlines a robust ecosystem of free educational content and resources for learning about social engineering in the UK. From structured courses on platforms like Pluralsight, LinkedIn Learning, and Udemy to curated lists on GitHub and active communities like The Social-Engineer Portal, there are numerous avenues for gaining knowledge. A strong emphasis is placed on the psychological foundations of social engineering and the availability of technical tools for ethical testing. For UK professionals and enthusiasts, these resources offer a pathway to understanding and defending against social engineering tactics, all within a framework of professional ethics and legal compliance.
