Phishing: Going from Recon to Credentials

Presented at BSidesLV 2015, Aug. 5, 2015, 11 a.m. (25 minutes).

This presentation will quickly explore some of the common phishing attack tools and techniques. Additionally, there will be a demo of a new tool which can assist penetration testers in quickly deploying phishing exercises in minimal time. The tool can automatically search for potential targets, deploy multiple phishing websites, craft/send phishing emails, record the results, and generate a basic report.

Presenters:

• Adam Compton / tatanus - Senior Security COnsultant - Rapid7   as Adam Compton
  Adam Compton currently works as a penetration tester and has over 20 years of infosec experience, 15 years as a penetration tester. He has worked in both the government and private sectors for a variety of customers ranging from domestic and international governments, multinational corporations, and smaller local business.
• Eric Gershman
  Eric Gershman is currently working on the security team for a group that manages large systems that enable researchers to do "Big Science". Prior to working in security Eric pursued a bachelors degree in Information Technology at the University of Central Florida. During his time at UCF, he worked as a technician on a large help desk, research intern for an Anti-Virus company and finally as a Linux Systems Administration for several Department of Defense projects.

Links:

• https://bsideslv2015.sched.com/event/3um1/phishing-going-from-recon-to-credentials
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2015/Phishing Going from Recon to Credentials Adam Compton Eric Gershman.mp4
• https://www.youtube.com/watch?v=zA9opd-ekX4

Similar Presentations:

• THOTCON 0x5 (2014) / Phishing Frenzy: 7 seconds from hook to sinker
• Diana Initiative 2020 Virtual / Deploying discreet infrastructure for targeted phishing campaigns
• DerbyCon 3.0 All in the Family (2013) / Phishing Like The Pros