Play all

Intro

"Phishing is the attempt to acquire sensitive information...by masquerading as a trustworthy entity in an electronic communication." - Wikipedia Phishing

Types of Attacks • Phishing - Usually no specific targets and for monetary gain • Spear Phishing - specific individuals or groups • Whaling - targeting executives

Setup and Deploy - Domain & Email • Domain Registration • Mass Mailers • Open Relays for the target domain

Setup and Deploy - Web • Web Server Setup • Web Site Cloning • Web Application Development

Responses / Post Exploitation • Credential Harvesting - testing credentials • Additional phishing attacks from trusted accounts • Malware - Connecting to botnet/shells and maintaining persistence • E…

Preparation User Awareness & Periodic Testing Detection & Analysis Alerts, Mail Proxies Containment, Eradication and Recovery Have a plan that is ready and tested

SpeedPhish Framework - SPF • Automates common tasks needed to perform a phishing exercise • Written in Python • Full/Partial automation • Can make use of external tools if available

Future Features • Company Profiler

Description:

Explore a comprehensive overview of phishing attacks and defense strategies in this BSides Knoxville 2015 conference talk. Delve into various types of phishing, including spear phishing and whaling, and learn about the setup and deployment of phishing campaigns through domain registration, email systems, and web server configurations. Discover techniques for credential harvesting, post-exploitation activities, and malware deployment. Gain insights into effective preparation, user awareness, detection, and response strategies to combat phishing threats. Examine the SpeedPhish Framework (SPF), an automated tool for conducting phishing exercises, and its potential future features. Enhance your understanding of this critical cybersecurity topic to better protect individuals and organizations from sophisticated phishing attempts.

Phishing - Going from Recon to Credentials

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Ethical Hacking #Digital Forensics #Programming #Web Development #Web Application Development #Web Hosting #Domain Registration #Phishing Attacks #Web Server Management

0:00 / 0:00