This Phish Goes To 11

Presented at Hackfest 2016, Nov. 5, 2016, 11 a.m. (Unknown duration)

"Testing your users and systems with generic phishing pretexts use to be enough, but now attackers are using open-source intelligence to customize their phishing campaigns. Step up your game! Let Stephanie show you how OSINT methods can be used to create a tailored pretext augmented by a 2nd stage vishing strategy. The 2015 Verizon DBIR reveals that for two years "more than two-thirds of incidents that comprise the Cyber-Espionage pattern have featured phishing." Hot on the heels of this and other data breaches we are seeing the industry move to complement the yearly pentest with phishing-based assessments. Attendees will learn the following: How attackers use OSINT to build targeted phishing campaigns How adding vishing can make an ineffective phish still work How a tailored phishing assessment and meaningful training better prepare your organization's employees"

Presenters:

  • Stephanie Carruthers / Snow as Stephanie "Snow" Carruthers
    Stephanie Carruthers is a social engineering professional. After winning a black badge at DEF CON 22 for the Social Engineering Capture The Flag, Stephanie started Snow Offensive Security in 2014, a small boutique consultancy that provides social engineering focused services such as phishing, vishing, physical security assessments. Stephanie specializes in Open Source Intelligence (OSINT) gathering and uses these findings to create highly effective custom pretexts for all her engagements. In her free time, she enjoys going to theme parks and playing table top games.

Links:

Similar Presentations: