A Google Event You Won't Forget

Presented at Wild West Hackin' Fest 2017, Oct. 27, 2017, 10:40 a.m. (45 minutes)

As more businesses migrate their employee email and data into collaborative cloud platforms, default configurations, even in a secured environment, could leave them susceptible to attacks. While these platforms create a centralized way to collaborate, manage access and view the world from a single pane of glass, they also create unique attack paths that attackers can leverage using built-in APIs. In this presentation, we will explore an innovative approach to red teaming organizations that use Google Suite as their main cloud provider. We will walk through leveraging features to inject calendar events, phishing credentials, capturing 2-factor tokens, backdooring accounts and finally pilfering secrets. Techniques presented will also be incorporated and released as modules within MailSniper.

Presenters:

  • Mike Felch - Black Hills Information Security
    Mike Felch is a Red Team Lead and Security Researcher at Black Hills Information Security. Prior to joining BHIS, he was Vice President of Security Research for an infosec start-up leading technical teams and exploiting hardware. Throughout his career, he's held roles as a software engineer, pentester, and system administrator. Mike's a divergent thinker who enjoys cognitive challenges and understands the power of collaboration. He's actively involved in the infosec community and regularly open-sources red team tools. You will either find him with his wife Angela and daughters at infosec conferences or in prison investing in the lives of incarcerated men.
  • Beau Bullock - Black Hills Information Security
    Beau Bullock is a Senior Security Analyst at Black Hills Information Security. Prior to joining BHIS, Beau's primary role has been implementing security controls to protect information and network assets. He has held information security positions in the financial and health industries. Beau has experience with all aspects of enterprise network security including penetration testing, vulnerability analysis, data loss prevention, wireless security, firewall management, and employee security training. In his spare time, he hosts the Hack Naked TV information security webcast and presents at conferences. Beau holds a B.S. in Information Technology and has also obtained multiple industry certifications including OSCP, OSWP, GCIH, GCFA, GSEC, GPEN, GXPN, and GWAPT. Beau is @dafthack on Twitter.
