Good for both June 5 and June 6. Includes lunch.

Valid for either June 5 or June 6, but not both. If you want to attend both days, purchase the "Entire Conference" ticket.

Good for both days. Must use a university email address or the ticket will be canceled and refunded.

Note: This price is being offered as a courtesy to full-time college and high school students. If you're not a full-time student, please purchase one of the non-student tickets.

Access to the video recordings of the presentations that speakers allowed to be recorded.

Ticket is for single day, not both days.

Parking in Boston University's private lot only about a block from the conference location. You can pay the meters every few hours and risk a ticket, find your own garage or just pay for the parking here.

Instructor: Christina Lekati

Social engineering attacks continuously remain at the top of the threat landscape and data breach reports. But although these reports tend to simplify many breaches as the result of a successful phishing attack, the reality we get from current threat research is evidently more complex.

Today, the pathway that leads to that successful phishing email is often the result of a larger attack kill chain based on good target reconnaissance in which weaponized psychology is also a strong component. And there is often a multi-layered methodology.

In this threat landscape, it is paramount for security professionals to better understand how social engineering works, and how to proactively identify and disrupt attack verticals.

Each module of this training is designed to support the next one. 

We will start by learning the fundamentals of social engineering (briefly), and the types of frequently-used social engineering attack scenarios that we have been observing in the wild. 

We move on to more practical parts: How did these attacks come to life? What was the background information that they were built upon, and what elements made them successful? 

During the next phase of the class we focus on target reconnaissance. Specifically, on two main areas: Reconnaissance for persons and for businesses (including physical reconnaissance for facilities). Participants get to see where and how attackers collect people and business information, and how to combine and analyze data into intelligence that produces useful insights for social engineering. We will also explore the capabilities and limitations of GenAI and LLMs for these tasks.

On the second day, we will move on to more complex attack methodologies, and emerging threats. We will discuss advanced social engineering attacks and focus on the modus operandi of advanced threat actors through real cases. Participants will also get to learn how AI technology impacts threat actor capabilities. We will practice on the theory through hands-on exercises.

During the last part of the class, we will discuss what security professionals can do to improve their security posture against social engineering attacks on a strategic and tactical level. We will discuss reducing risk, becoming a less attractive target, informing the security strategy, and responding to social engineering attacks. 

***Hands-on exercises are included throughout the class. If you plan to join us, bring a laptop with you!***

This is a 2-day, intensive class that aims to help security teams get a comprehensive understanding of social engineering, to build better protective measures (proactive & reactive) and to better inform their security strategy. The class also helps penetration testers improve their attack scenarios and provide better and more realistic insights to their clients. 

Attendees will leave this class having acquired the psychological knowledge along with the technical capability to simulate social engineering attacks and improve their prevention & response capabilities. They will have learned the most prevalent social engineering tactics from both cyber criminal groups and state-affiliated APTs. 

Audience level: beginner/intermediate

Ticket is not free.

Purchase your ticket through MyOSINT Training here: https://www.myosint.training/courses/layer8-2026

This is a placeholder, not an actual ticket to the training.