A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Phishing without Failure and Frustration - Jay Beale Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Phishing without Failure and Frustration
Jay Beale
Derbycon 2016

Your first time phishing professionally could be full of frustration and failure. Picture it: You want to phish your company or your client. You?ve never done this for work before, you?ve got a week to do it, and you figure that's plenty of time. Then someone objects to the pretext at the last minute. Or spam filters block everything. Or you decide to send slowly, to avoid detection, but the third recipient alerts the entire company. Or you can only find 5 target addresses. We?ve all been there on our first professional phishing exercise. What should be as easy as building a two page web site and writing a clever e-mail turns into a massively frustrating exercise with a centi-scaled corpus of captured credentials. In this talk, we?ll tell you how to win at phishing, from start to finish, particularly in hacking Layer 8, the 'Politics' layer of the OSI stack that?s part of any professional phishing engagement. We?ll share stories of many of our experiences, which recently included an investigation opened with the US Security and Exchange Commission (SEC). Finally, we?ll tell you how we stopped feeling frustrated, learned to handle the politics, and produced successful phishing campaigns that hardened organizations at the human layer, and started to screw things up for the bad actors.

Jay Beale has created several security tools, including Bastille Linux/UNIX and the CIS Linux Scoring Tool, both of which have been used throughout industry and government. He has served as an invited speaker, program chair and trainer at many industry and government conferences, a columnist for Information Security Magazine, SecurityPortal and SecurityFocus, and a contributor to nine books, including those in his Open Source Security Series and the "Stealing the Network" series. Jay is a founder and the CTO of the information security consulting company InGuardians, where way too many clients? staff have enthusiastically given him their passwords.


Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast