A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The Art Of Espionage 2016 or Stop Trying To Be Tom Cruise - Ryan Jones, McOmie NolaCon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

The Art Of Espionage 2016 or Stop Trying To Be Tom Cruise
Ryan Jones, McOmie

ts 5pm on a Friday, everyone is ready to go home for the weekend. An urgent email comes in from the CEO, requesting an immediate fund transfer of hundreds of thousands of dollars. Don't click 'OK' just yet ... you might be getting whaled. In this talk, we will examine the various aspects of one of the most successful, large-scale whaling campaigns currently affecting businesses. We'll start by examining the emails, context, and domains used by the attackers to trick employees. We will also look at the various documents used to trick companies, and how to potentially detect them in your network. But it gets better ... using past research and publicly-available tools, we're going to profile a whaling campaign that stretches across dozens of victims, and hundreds of millions of dollars. We'll present research spanning over two years across the globe, involving banks from North Carolina to Hong Kong. Lastly, we're going to examine how this evidence led to a recent arrest of one of these scam artists. Attendees will learn how to utilize open tools to hunt for related malware, documents, and threat actors. They will also learn how to expand knowledge of TTPs into their environment to protect against massive losses such as highly-successful whaling campaigns.


Offering 20 years of experience as a trusted security leader, adviser, and strategist. Luke is industry certified and recognized for his excellence in management, execution, communication, and delivery. He has lead risk and compliance programs, managed red teams, and conducted security assessments for many Fortune 100 companies, federal agencies, and private businesses. These efforts and his diverse background in ethical hacking, penetration testing, physical security, social engineering, and incident response have all contributed to his extensive understanding of the challenges and risks that threaten the modern business and operating environment.

Recorded at NolaCon 2016

Back to NolaCon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast