Getting Access with Spear Phishing

Presented at CarolinaCon 14 (2018), April 14, 2018, 10:30 a.m. (30 minutes)

Spear phishing accounts for the vast majority of security breaches. Being able to perform spear phishing is vital for a penetration tester and integral to understanding how to mitigate it. This presentation will focus on the entire process of a sophisticated spear phishing campaign, from recon to delivering the payload and bypassing modern defenses. Furthermore, stealth and anti-blue team techniques will be demonstrated. I will also demonstrate HunterGatherer.js, an email gathering and validation tool I wrote to assist in spear phishing."

Presenters:

• Kevin Wang
  Kevin is a network security analyst at MacAulay-Brown, a defense contractor. While Kevin enjoys network defense, he is passionate about offensive security. He is particularly interested in network security and penetration testing, but also enjoys web exploitation, programming, and nature.

Links:

• https://infocon.org/cons/CarolinaCon/CarolinaCon 14 2018/Getting Access with Spear Phishing (by Kevin Wang).mp4
• https://infocon.org/cons/CarolinaCon/CarolinaCon 14 2018/Getting Access with Spear Phishing (by Kevin Wang).eng.srt (subtitles)
• https://www.youtube.com/watch?v=RuwcLc-KC9w

Similar Presentations:

• VB2019 / Kimsuky group: tracking the king of the spear-phishing
• Black Hat USA 2016 / Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges
• Black Hat USA 2017 / Why Most Cyber Security Training Fails and What We Can Do About it