• Pre-engagement interaction
This initial section covers everything that happens before the engagement and looks at topics such as scoping, goals, establishing lines of communication, rules of engagement, and legal protections required as part of the engagement. Some of these concepts are covered in Chapter 13.

• Intelligence gathering
This section is the first section once the engagement is underway and covers the initial groundwork in uncovering information that can be leveraged as part of the social engineering assessment. Examples of information to be gathered can include gathering corporate email addresses from search engines and social networks, parsing document metadata from publicly available corporate documentation, and establishing contact details such as phone numbers for switchboards and receptions. This section is covered in detail in Chapter 8.

• Threat modeling
This section creates the model for the social engineering assessment to follow. This model looks at the results of the initial information gathering and in combination with the requirements of the customer allows you to create a targeted attack scenario based upon a chosen attack vector. Although threat models use similar attack vectors the way they are designed and implemented are unique to each customer. Threat modeling is covered in Chapter 6 and also Chapter 7.

• Execution
This section covers the actual execution of the social engineering assessment that is considered as the primary objective of the engagement. This is where all of the information gathered is used against the threats that have been modeled in order to perform a threat-based assessment. The objective for the consultant is to gain access to the systems, or to break the procedures, that were identified in the earlier stages of the assessment. Information about executing such assessments through the three main attack vectors can be found in Chapters 9–11. Further information about how these attack vectors can be supported through technology can be found in Chapter 12.

• Post-execution
This section covers the secondary objective of the engagement which is possible only after the assessment has been successfully performed. For example, the primary objective may have been to gain physical access to the building, by tailgating, which was performed during the execution. The post-execution task and secondary objective may be to gather up sensitive information and exfiltrate without being caught or noticed. The social engineering aspects of post-execution are covered as above in Chapters 9–12. Many post-execution tasks are network based and are outside the scope of this book as they are considered more in line with infrastructure penetration testing.

• Reporting
Once the assessment is complete, the report is then created from the findings and results from executing the assessment. This is deliverable to the client and a very important piece of work that must meet the business objectives that drove the social engineering assessment in the first place. The report takes form of a written piece of work that includes all evidence gathered and methods used. It is normal that the report is collated and written by the consultant who performed the actual assessment. It is also advised to make the consultant available to present the findings verbally or at least be available for a conference call to answer any question that the client may have regarding the assessment that was performed. More information about gathering the information for and writing the actual report can be found in Chapter 13.