| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but that fuzzy feeling wears off quickly, once you learn about command and control.
Everyone knows in theory what phishing is, what phishing emails looks like, they even may even theoretically know how it all works.
What about executing a Phishing campaign? This talk will show you the journey of setting up and executing a Phishing campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish.
This is not just about sending an email and a link, this is about bypassing the email minefield to get the email to the target and having the payload call back out of the network.
We will go through:
Choosing and setting up a Phishing Framework
Cloning a site
Testing delivery and bypassing Spam filters with a payload (Click Once)
Testing different user interactions for executing payloads
Learning different payloads for command and control
Haydn has over 4 years of information security experience, including network/web penetration testing, vulnerability assessments, identity and access management and Cyber Threat Intelligence. Additionally, he has a Masters in Information Technology and holds the OSCP and GXPN certifications. Haydn regularly contributes to the infosec community, speaking at various conferences including HackFest, BsidesTO, BsidesLV and Sector.
https://ca.linkedin.com/in/haydnjohnson
Recorded at NolaCon 2017
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast