Trials and Tribulations of setting up a Phishing Campaign - Insight into the how - Haydn Johnson (Circle City Con 2017 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Trials and Tribulations of setting up a Phishing Campaign - Insight into the how
Haydn Johnson

haydnjohnson
Circle City Con 2017

Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but once you realize you aren't getting command and control, that fuzzy feeling wears off quickly. Everyone knows in theory what Phishing is, what Phishing emails look like, they may even theoretically know how it all works. What about executing a Phishing Campaign? This talk will show you the journey of setting up and executing a Phishing Campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish. An important understanding in Phishing (like any attack) is the side of the victim: what they see and do in receiving a phishing email; this is referred to as advancing one's tradecraft.

We will go through:
- The main difference between phishing for clicks and phishing for shells
- Choosing and setting up a Phishing Framework
- Actions I take when learning something new
- Testing delivery and bypassing Spam filters with Microsoft ClickOnce
- Testing different user interactions for executing payloads
- Learning different payloads for command and control
- Understanding the email minefield

Haydn has specialized in offensive security and cyber threat intelligence for over 4 years. He has extensive experience in Information Security, network/web penetration testing, vulnerability assessments, identity and access management and identifying near future threats that face organizations on the horizon. Haydn is considered an industry expert on PurpleTeaming, and has been published several times in online articles on this topic. Additionally, he has a Masters in Information Technology and holds the OSCP and GXPN certifications. Haydn regularly contributes to the infosec community, speaking at various conferences including HackFest, BsidesTO, BsidesLV and Sector.


Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast