HTW Berlin Fotopedia, cc-by-nc, Andrea Kirkby, 2008

HTW Berlin
Fachbereich 4
Cyber-Security & Business
Social Engineering
Winter Term 2025/26

Social Engineering

This course is about Social Engineering. In order to defend your installation against attackers, you have to understand how attackers work. Many focus on the weakest link: the humans who work at your company. Our focus will be on how social engineering works, how you can test your own installation with pentesting, and how you can train people to recognize and stop social engineering attacks. Of course, one can use social engineering in many circumstances, so our focus will be on ethical hacking and only trying things out for real if we have permission to do so. We will also have a look at how to obtain permission and set out a contract if you are working as a pentester, and what your report needs to look like.

The course meets every week on Tuesdays at 8:00. The exercise session is every other week starting at 9:45, right after the lecture. Although you only have 3 hours of effective instruction time, the course is worth 5 credits. This means that you will be expected to do a good bit of reading and writing outside of class as preparation for the class. Writing must be done in English and without the help of a GenAI system, with the exception of the spelling checker inside of an editor.

You will be working in groups of two to four persons for the exercises; the group size will be specified for every exercise. We have computers in the lab, but you are welcome to bring your own laptop if you have one. Attendance at the labs is mandatory, as we are working in groups of various sizes each week. If you are unable to attend, you must contact me before class.

If I decide to broadcast the lectures on Zoom, this does not mean that you only attend the lecture every other week. You will be responsible for all material in the exam.

We will start right away on October 7, 2025, with an exercise for Group 1 after an introductory lecture. The schedule is, as always, tentative and gives you an idea of the topics I have planned. I welcome additional or substitution topics from the class. We have a Moodle collaboration room, too, for submitting your work and for me offering you material that may not be found online.

The learning outcomes for this class are:
    
     The students

Materials

There are some books that I will be using as the basis for my lectures.

  1. Hadnagy, Christopher. (2018). Social Engineering: The Science of Human Hacking. Wiley.
  2. Gray, Joe. (2022). Practical Social Engineering: A Primer for the Ethical Hacker. No Starch Press.
  3. Mitnick, Kevin D. & Simon, William L. (2002). The Art of Deception: Controlling the Human Element of Security. Wiley.


There are also other materials that could come in handy:

  1. Any issue of 2600.
  2. Videos of the HOPE conferences.
  3. Any issue of the Datenschleuder (in German).
  4. Videos of the CCC conferences.
  5. Chaos Computer Club (Ed.) (2024). Hackbibel3. Katapult Verlag.
  6. My social bookmarks on the topic of social engineering.

Grade

Your grade will be a combination of exam work and solving exercises. There are 8 exercises, each worth 10 points. They make up 40 % of your grade. The exam is 60 % of your grade. The exam will be on or about February 10, 2026 and will involve you writing answers to questions without the use of a computer. This will better evaluate how much of the material you have understood.

Questions?

Please use the forum in the Moodle room to ask any questions you may have about the course that are interesting for everyone. If it is a personal issue, please write to me by email at weberwu@htw-berlin.de. I do not have an office here at the HTW.

Last change: 2025-10-04 22:42