Help Irongeek.com pay for bandwidth and research equipment:
Advanced Phishing Tactics Beyond User Awareness SkyDogCon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)
Advanced Phishing Tactics Beyond User Awareness
Martin Bos & Eric Milam
Over the past 10 years, organizations have spent time, resources and
considerable financial investments to protect their external perimeter from
potential information security threats. Most advanced threat agents know if and
when they bypass the hardened perimeter, successfully compromising assets within
the internal environment is trivial, with very few controls in place to stop a
focused and motivated intruder.
This talk will discuss why spear phishing penetration testing is a necessary
exercise for all organizations. We will walkthrough and demonstrate live our
methodology that has proven extremely effective on numerous engagements. We will
also focus on why advanced techniques should be used to assess internal user
environments as a whole and that approaching a social engineering exercise as a
user awareness exercise is not beneficial for an enterprise.
Eric is a senior security assessor on the Accuvant LABS enterprise assessment
team with over fourteen (14) years of experience in information technology. Eric
has performed innumerable consultative engagements including enterprise security
and risk assessments, perimeter penetration testing, vulnerability assessments,
social engineering, physical security testing, wireless assessments and
extensive experience in PCI compliance controls and assessments. Eric is a
project steward for the Ettercap project as well as creator and developer of the
easy-creds and smbexec projects.