Building Antibodies - The Phishing program at Twitter

Presented at ToorCon: Seattle 2013, July 6, 2013, 3:20 p.m. (20 minutes)

I run the phishing program at Twitter. It's not just an awareness program, the intention is to actually "build an immunity" to phishing. This is somewhat of a daunting task. The numbers we've collected show improvements over time - we're actually getting our employees to stop clicking things. Anyone who has ever done incident response will know - the fewer users you have running malware, the more hair you keep on your head. This is a description of how the program is built, how you can implement one of your own, how to identify datapoints to measure and how to build the antibodies that will keep more of your employees safe, and keep more malware out of your environment. Imagine a world where phishing didn't work because everybody could recognize a phish. Sounds awesome, huh? The intention here is to build antibodies - make phishing such a big deal that employees will help each other out - save each other from phishing. We've reached the point where our employees are actually coding chrome extensions to spot phishing scams in their browsers because of this program, and those extensions are stopping outside malware as well.

Presenters:

  • Dan Tentler / Viss as Viss
    Dan Tentler freelances taking on Red Team and PenTest engagements. A For-Pay bad-guy, who works for the good guys.

Links: