It's no secret that user-targeted attacks are a common source of compromise for many organizations. Web browser and e-mail borne malware campaigns prey on users by way of phishing, social engineering, and exploitation. Office suites from vendors such as Adobe and Microsoft are ubiquitous and provide a rich and ever-changing attack surface. Lack of awareness and clever social engineering tactics frequently result in users unknowingly consenting to the execution of malicious embedded logic. In this talk, we'll cover the past, present, and future of the kinds of threats that are bypassing common security controls and successfully exploiting the end-user security gap. From low-tech, to sophisticated, and even some attacks that folks in the audience may fall victim to. We'll cover some detection/dissection techniques and hardening measures to ease the burden and remove some business risk from user hands.

@pedramamini

Back to OISF 2023 video list