Phishing Frenzy: 7 seconds from hook to sinker - Brandon McCann Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Description: “Email phishing attacks are a prevalent threat against any organization, large or small. As professionals in the security field we need to be able to give our clients the "look" and feel of what a real "bad guy" hacker may do to attack an organization. Creating email phishing campaigns can oftentimes be a complex and time-consuming process. What if we could leverage a framework that could manage our phishing campaigns, phishing templates, and even track advanced statistics easily throughout the campaign? Feast your eyes on the new addition to the open source and infosec community. "Phishing Frenzy" The Advanced Phishing Framework. Phishing Frenzy is a database-driven web application written in Ruby on Rails that helps penetration testers manage their phishing campaigns by providing a framework that makes it easy to build and manage templates for future engagements. Build a phishing template in the Phishing Frenzy architecture, and you're ready to use that template for all future assessments. The framework allows for the creation and management of phishing campaigns. Some of this management includes configuring Apache to use virtual hosts so many campaigns can run on a single box, and encoding email addresses within the URL so unique visitors can be tracked using advanced statistic generation. No phishing campaign is complete without a phishing scenario. That's why Phishing Frenzy offers the ability to manage phishing scenarios through a template creation, manipulation and reuse process. Templates can be assigned to any campaign for quick, easy creation of a phishing campaign that not only looks legit, but will bait end users into your trap to gain the keys to the client's kingdom. Reporting for phishing campaigns can often become a cumbersome task, having to look through various web logs to determine users that visited the phishing website, or even downloaded a malicious executable, or determine which users entered passwords into the web form. Phishing Frenzy manages all steps required for advanced statistic reporting. The reporting console is assisted with Google charts to plot and visualize the impact of your phishing campaign along with the results that are yielded throughout the timeline of the campaign. Email phishing is a prevalent threat against all organizations that cannot be taken lightly. Having the ability to launch effective email phishing campaigns to make an impact to our clients is key to the success of mitigating these types of risks to the organization. We must be able to create and stimulate real world threats within a given budget, and this is why pentesters can now leverage Phishing Frenzy to create, manage, and execute professional phishing attacks.

Screenshots:
https://dl.dropboxusercontent.com/u/18768757/pf-login.png
https://dl.dropboxusercontent.com/u/18768757/pf-dashboard.png
https://dl.dropboxusercontent.com/u/18768757/pf-templates.png
https://dl.dropboxusercontent.com/u/18768757/pf-options.png
https://dl.dropboxusercontent.com/u/18768757/pf-stats.png”

Bio: “Senior Security Assessor – Accuvant LABS

Brandon is a Senior Security Assessor with over seven years of experience in the Information Technology field. Brandon currently performs red team attack simulations, network penetration testing, internal vulnerability assessments, social engineering engagements, and various other technology consulting projects. Brandon is the co-founder of pentestgeek.com and previously served as a Network Administrator for a nation-wide advertising firm. Brandon has also written many publications on Disaster Recovery that have been published in a variety of scholarly journals, and discussed at various conferences. Brandon is an active part of the open source, Metasploit and infosec community.

Certifications and Training
• Degree in Accounting
• Minor in Business Computer Information Systems
• OSCP, GCFA, CCENT, MCP
• SANS Lethal Forensicator”

Copyright 2014, IronGeek