 Phishing for Shellz: Setting up a Phishing Campaign - Haydn Johnson NolaCon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Phishing for Shellz: Setting up a Phishing Campaign
Haydn Johnson
@haydnjohnson

Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but that fuzzy feeling wears off quickly, once you learn about command and control. Everyone knows in theory what phishing is, what phishing emails look like, they may even theoretically know how it all works. What about executing a Phishing campaign? This talk will show you the journey of setting up and executing a Phishing campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish. This is not just about sending an email and a link, this is about bypassing the email minefield to get the email to the target and having the payload call back out of the network.

We will go through:
Choosing and setting up a Phishing Framework
Cloning a site
Testing delivery and bypassing Spam filters with a payload (Click Once)
Testing different user interactions for executing payloads
Learning different payloads for command and control

Haydn has over 4 years of information security experience, including network/web penetration testing, vulnerability assessments, identity and access management and Cyber Threat Intelligence. Additionally, he has a Masters in Information Technology and holds the OSCP and GXPN certifications. Haydn regularly contributes to the infosec community, speaking at various conferences including HackFest, BsidesTO, BsidesLV and Sector. https://ca.linkedin.com/in/haydnjohnson

Recorded at NolaCon 2017

Copyright 2016, IronGeek