Smishmash - Text Based 2fa Spoofing Using OSINT, Phishing Techniques and a Burner Phone

Presented at Black Hat USA 2022, Aug. 10, 2022, 2:30 p.m. (30 minutes)

In recent years, data leaks have escalated, and leaked passwords and usernames have become a common attack vector in phishing attacks. Until recently, phone numbers were commonly overlooked by attackers as well as red teams. This year has seen an increase in attacks circumventing text-based 2FA.

In this talk, the researchers will show how it's possible to gather data from publicly available sources and connect the phone numbers most likely used by two-factor authentication systems to other leaked email and login credentials.

We will simulate an attack armed with your cracked password, email address and phone number.

We will show techniques and methods used by real threat actors to bypass text-based 2FA using only publicly leaked data, in a real-time attack that indexes OSINT data and combines it with publicly available attack tools and frameworks.


Presenters:

  • Mikael Byström - Head of OSINT, FYEO Inc
    Mikael Byström is a security professional with solid experience in building OSINT collection frameworks as well as running security operation centers for large companies and organisations. He comes from a blue team background and has worked to protect some of Sweden's largest companies as well as most critical infrastructure. Mikael has always had a foot in the underground hacking circles, is well connected, and has built a huge network to be able to gather open source intelligence data.
  • Thomas Olofsson - CTO, FYEO Inc
    Thomas (skjortan) O is a CTO with a strong cybersecurity, threat intelligence, and development background. Thomas has a solid penetration testing and red teaming background and has lately been working with incident investigations and open source intelligence, building software and services for OSINT gathering, and dabbling with the encryption parts of crypto and DeFi. Thomas is also the founder and member of the CFP board for the Swedish non-profit IT security conference Sec-t.org.
