Presented at NolaCon 2017, May 20, 2017, 11 a.m. (Unknown duration).
Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but that fuzzy feeling wears off quickly, once you learn about command and control.
Everyone knows in theory what phishing is and what phishing emails look like; they may even theoretically know how it all works.
What about executing a Phishing campaign? This talk will show you the journey of setting up and executing a Phishing campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish.
This is not just about sending an email and a link; this is about bypassing the email minefield to get the email to the target and having the payload call back out of the network.
We will go through:
- Choosing and setting up a Phishing Framework
- Cloning a site
- Testing delivery and bypassing Spam filters with a payload (Click Once)
- Testing different user interactions for executing payloads
- Learning different payloads for command and control
Presenters:
- Haydn Johnson
Haydn has over 4 years of information security experience, including network/web penetration testing, vulnerability assessments, identity and access management and Cyber Threat Intelligence. Additionally, he has a Masters in Information Technology and holds the OSCP and GXPN certifications.
Haydn regularly contributes to the infosec community, speaking at various conferences including HackFest, BsidesTO, BsidesLV and Sector. https://ca.linkedin.com/in/haydnjohnson
Twitter: @haydnjohnson