Presented at
BSides Austin 2018,
March 9, 2018, 11 a.m.
(60 minutes)
The latest vector in email attacks is credential stealing. This is nothing new, but there has been a serious increase of activity in this space and it is VERY successful. Why? Because they criminals are manning the phishing campaigns with live people who are logging into people's Internet facing systems without 2-Factor Authentication and sending out more campaigns. Better yet, they are sending it to recent contacts, in small amounts so people are falling for it since they are actively, or have recently communicated with the victim giving the phishing campaign legitimacy.
This talk will walk through several examples of these credential stealing emails, what the emails look like, and what the cred stealing websites tend to look like once clicked. The discussion will focus on how to investigate this type of attack, what kinds of things you will need, what to look for, what works, and why time is ultimately critical for this type of attack.
Presenters:
-
Brian Boettcher
-
Michael Gough
Michael is a Malware Archaeologist, Blue Team defender, Incident Responder and logoholic. Michael developed several Windows logging cheat sheets to help the security industry understand Windows logging, where to start and what to look for. Michael is co-developer of LOG-MD, a free tool that audits the settings, harvests and reports on malicious Windows log data and malicious system artifacts. Michael is also blogs on HackerHurricane.com on various InfoSec topics. Michael also is co-host of the "Brakeing Down Incident Response" BDIR Podcast to education on Incident Response daily tasks.
Links:
Similar Presentations: