Master Phishing: Writing a Phish That Won't Get You Busted (or, How To Bust Phishers)

Presented at Kiwicon 6: The Con of the Beast (2012), Nov. 17, 2012, 4:30 p.m. (30 minutes)

Phishing has been going on forever, but of late it's gone from 419 scams to exploit kits, while becoming more prevalent and (occasionally) more sophisticated in the process. This talk will break down, from an attacker's perspective: * Getting your phish past Gmail, Yahoo, Hotmail, etc.: spam traps are for suckers * How to make people more likely to click your phish * Not getting busted by pesky web filters and IDS systems * Picking a quality host for your payload Live examples will be used to demonstrate points of phisher failure and general "doing it wrong and getting busted by network security pros" throughout. The audience will also be given a chance to poke fun at legitimate emails that look phishy, and thus help blur the line between "it's OK to click on everything I get in my inbox!" and "maybe I should be suspicious of this link randomly delivered to my email address." White hats throughout the room should take notice of subtly delivered, newly proposed logic for generic detection of phishing attacks. P.S. Those curious about the proposed speaker's style are encouraged to read http://www.shitmylogssay.com/?p=10 for an example of him trolling a 419 scammer. Equivalent technically oritented lulz will be present throughout this talk.

Presenters:

• Alex Kirk
  Alex Kirk is a senior researcher with the Sourcefire Vulnerability Research Team (VRT), and the head of that group's Awareness, Education, Guidance, and Intelligence Sharing (AEGIS) program, which is designed to increase direct collaboration between Sourcefire customers, the Snort user community, and the VRT in the interests of improved detection and coverage. In his 8 years with the VRT, Alex has become one of the world's leading experts on Snort rules, and has honed skills in reverse engineering, network traffic analysis, and systems security. He contributed a pair of Snort-related chapters to "Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century," and is a regular contributor to the widely-read VRT blog (http://vrt-sourcefire.blogspot.com/). His current major technical project at Sourcefire involves automated collection of network data generated by malicious binaries, including Android packages, and analysis of that data for detection purposes.

Links:

• https://2012.kiwicon.org/the-con/talks/#e78

Similar Presentations:

• ToorCon San Diego 20 (2018) / Shooting Puny Phish in a Barrel
• DerbyCon 3.0 All in the Family (2013) / How Good is Your Phish
• DEF CON 1 (1993) / Getting busted sucks!