SlideShare ist ein Scribd-Unternehmen logo

Phishing dc618 haydnjohnson

Haydn Johnson
Haydn Johnson

Phishing for the shell. A little customization for DC618, last minute invite. Links updated. Learn some phishing frameworks and payload interactions.

Technologie
1 von 153
Downloaden Sie, um offline zu lesen
@haydnjohnson Phishing For the shell DC618 -> Thank you for having me
@haydnjohnson WhoAMI ❏ Security Analyst | Manager | Purple Teamer ❏ Points (points.com) ❏ Talks: BsidesTO, Circle City Con, HackFest, SecTor ❏ OSCP, Offsec, Purple Team, Gym?? ❏ http://www.slideshare.net/HaydnJohnson Views are my own :) @haydnjohnson
@haydnjohnson Outline ❏ What is phishing: Phishing Attacks | Real world ❏ Different ‘Phishing’: Clicks | Creds | Shells ❏ Email Minefield ❏ To learn phishing - What does that involve | require ❏ How I learned to phish - frameworks, Payload, VM
@haydnjohnson Real attacks - stats * Why should you care about phishing * Phishing is now the #1 delivery vehicle for ransomware and other malware. https://blog.barkly.com/phishing-statistics-2016
@haydnjohnson Top 10 Internet Scams 1. Phishing emails and Phony Web pages 2. The Nigerian scam, also known as 419 3. Lottery scams 4. Advanced fees paid for a guaranteed loan or credit card 5. Items for sale overpayment scam 6. Employment search overpayment scam 7. Disaster relief scams 8. Travel scams
@haydnjohnson Phishing Examples Email https://www.incapsula.com/web-application-security/phishing-attack-scam.html
@haydnjohnson Phishing Examples - @johnLaTwc Excel
@haydnjohnson Phishing Examples - @johnLaTwc AV
@haydnjohnson Phishing Campaigns Spam Spear
@haydnjohnson ❏ Many emails ❏ High amount of emails hoping for high amount of victims ❏ “Spray and pray” ❏ Not specific to one person or company Spam Campaign
@haydnjohnson Spam Campaign
@haydnjohnson ❏ Few emails ❏ Research ❏ High value target ❏ Like marketing, entices you to open Spear Phishing Campaign
@haydnjohnson Spear Phishing Campaign
@haydnjohnson Phishing Types Counting Clicks Gathering Credentials Gaining Command & Control
@haydnjohnson Counting Clicks
@haydnjohnson Counting Clicks “Click Through Rate” http://www.dummies.com/web-design-development/site-development/calculating-click-through -rates-for-e-mail-campaigns/
@haydnjohnson Counting Clicks Page Visitors http://www.counter12.com/
@haydnjohnson Counting Clicks PHP code <?php if (file_exists('count_file.txt')) { $fil = fopen('count_file.txt', r); $dat = fread($fil, filesize('count_file.txt')); echo $dat+1; fclose($fil); $fil = fopen('count_file.txt', w); fwrite($fil, $dat+1); } else { $fil = fopen('count_file.txt', w); fwrite($fil, 1); echo '1'; fclose($fil);
@haydnjohnson Gathering Credentials Intranet https://twitter.com/dawnstarau/status/ 851921378517295104/photo/1
@haydnjohnson Counting Clicks Click Link Count ClicksReceive Mail Open Mail
@haydnjohnson Gathering Credentials
@haydnjohnson Getting Credentials VPN
@haydnjohnson Getting Credentials Click Link Enter CredentialsReceive Mail Open Mail Attacker receives credentials Credentials sent to attacker
@haydnjohnson Getting Credentials ISSUES: ❏ Have to reset passwords ❏ Exposing passwords
@haydnjohnson Command and Control
@haydnjohnson Command & Control TYPES OF SHELLS Synchronous (Reverse, Bind) Asynchronous (Beacon, Empire Agent)
@haydnjohnson Command & Control Click Link Download / executeReceive Mail Open Mail
@haydnjohnson Command & Control
@haydnjohnson Command & Control ISSUES: ❏ Hijacking control ❏ Unencrypted communications ❏ Data out of the network
@haydnjohnson Command & Control
@haydnjohnson Command & Control
@haydnjohnson Email Minefield
@haydnjohnsonhttps://blog.cobaltstrike.com/2012/12/05/offense-in-depth/
@haydnjohnson NOT SPAM DNS records | DKIM - email spoof protection No-deliver notice for recon https://en.wikipedia.org/wiki/Sender_Policy_Framework https://en.wikipedia.org/wiki/Bounce_message https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail Sender Policy Framework
@haydnjohnson Mail Anti-Virus Sandbox Attachment Scanning Sender Policy Framework Mail Anti-Virus https://www.sandboxie.com/index.php?DownloadSandboxie https://www.mail.com/mail/antivirus/ https://www.jvfconsulting.com/blog/trick-gmail-antivirus-scanner-send-any-fi le-type-with-gmail-exe-dll-com-bat/ https://medium.com/@networksecurity/oleoutlook-bypass-almost-every-cor porate-security-control-with-a-point-n-click-gui-37f4cbc107d0
@haydnjohnson Mail Anti-Virus Sender Policy Framework Mail Anti-Virus https://support.google.com/mail/answer/25760?hl=en
@haydnjohnson Mail Anti-Virus Sender Policy Framework Mail Anti-Virus https://github.com/carnal0wnage/malicious_file_maker Test with different files: ❏ Exe ❏ Javascript etc
@haydnjohnson Mail Delivered! Sender Policy Framework Mail Anti-Virus DELIVERED
@haydnjohnson Mail Delivered…. Sender Policy Framework Mail Anti-Virus DELIVERED
@haydnjohnsonhttps://blog.cobaltstrike.com/2012/12/05/offense-in-depth/
@haydnjohnson McAfee Trend Avast AVG Host Anti Virus Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Norton Avira Bullguard ABC DEF GEH ETC ETC All the brands!
@haydnjohnson Host Anti Virus Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus http://www.blackhillsinfosec.com/?p=5570 http://www.blackhillsinfosec.com/?p=5555 https://null-byte.wonderhowto.com/how-to/bypass-antivirus-using-powershell-and-metas ploit-kali-tutorial-0167601/ https://blog.netspi.com/10-evil-user-tricks-for-bypassing-anti-virus/ Run in memory PowerShell DLL Remove ‘mimikatz’
@haydnjohnson Code Execution Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution
@haydnjohnson Even more! Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution
@haydnjohnson Pentest part Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus ❏ First Landing ❏ AV bypassed ❏ Whitelisting ❏ Constrained Language mode https://www.lifewire.com/introduction-to-intrusion-detection-systems-ids-2486799
@haydnjohnsonhttps://blog.cobaltstrike.com/2012/12/05/offense-in-depth/
@haydnjohnson Intrusion Detection System & Prevention Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS ❏ NIDS ❏ HIDS ❏ Signature ❏ Anomaly ❏ Passive ❏ Active https://www.lifewire.com/introduction-to-intrusion-detection-systems-ids-2486799
@haydnjohnson Intrusion Detection System Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS ❏ Not easy to bypass ❏ Bypass Intranet Proxy | Supply creds ❏ Obfuscation ❏ False negatives https://arno0x0x.wordpress.com/2016/04/13/meterpreter-av-ids-evasion-powershell/ https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-evasion-attackers-burglar-alarm-1284 “%2e%2e%2f%2e%2e%2fc:winntsystem32netstat.exe” Instead of “../../c:winntsystem32netstat.exe”
@haydnjohnson Firewall Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS Firewall
@haydnjohnson Firewall Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS Firewall ❏ Bastion Host ❏ DMZ ❏ Deep Packet inspection ❏ Reassemble packets ❏ “NEXTGEN” https://blog.fortinet.com/2014/10/09/a-few-words-about-evasion-techniq ues
@haydnjohnson Firewall Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS Firewall ❏ Fragmentation ❏ Tunnel ICMP | HTTP ❏ Encryption ❏ Firewalk http://stephenperciballi.blogspot.ca/ https://www.cybrary.it/video/ids-firewalls-honeypots-whiteboard/
@haydnjohnson Positive C2 Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS Firewall C2
@haydnjohnson Positive C2 Sender Policy Framework Mail Anti-Virus DELIVERED Host Anti-virus Code Execution IDS Firewall
@haydnjohnson Phishing mechanics
@haydnjohnson Phishing - what we need to do ❏ Domain ❏ Send Email ❏ Deliver Email
@haydnjohnson Phishing - what we need to do ❏ Social Engineer ❏ Click Link
@haydnjohnson Phishing - what we need to do ❏ Interact ❏ Download ❏ Execute
@haydnjohnson Phishing - what we need to do ❏ Send Email ❏ Deliver Email ❏ Social Engineer interaction ❏ Receive shell
@haydnjohnson Considerations - what do I need to learn ❏ Build a convincing email | pretext ❏ Build a website that is convincing (framework / manual) ❏ Bypass email minefield ❏ Understand payloads and user interaction References: https://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-mail-server-with-yourown-domain-part-1/2/ https://arstechnica.com/information-technology/2014/03/taking-e-mail-back-part-2-arming-your-serverwith-postfix-dovecot/ https://arstechnica.com/business/2014/03/taking-e-mail-back-part-3-fortifying-your-box-againstspammers/
@haydnjohnson Sending an Email ❏ MTA (Mail Transfer Agent), sending and receiving e-mail MDA MUA ❏ MDA (Mail Delivery Agent) POP / IMAP email into inbox MTA ❏ MUA Mail User Agent – email client
@haydnjohnson Sending an Email ❏ Must have a valid SSL/TLS certificate for your mail server – not self signed ❏ /etc/ssl/private ❏ Virtual or Real accounts I trust ya
@haydnjohnson Sending an Email - Fighting Spam ❏ Probably not an issue ❏ Others can validate we are real ❏ Spam filtering
@haydnjohnson How I learned
@haydnjohnson What I DID!
@haydnjohnson What I DID! https://www.trustedsec.com/social-engineer-toolkit/ https://getgophish.com/ https://github.com/Raikia/FiercePhish
@haydnjohnson What I DID! https://www.cobaltstrike.com/ Free-Trial
@haydnjohnson What I did ❏ Installed ❏ Played around ❏ Decide on preferred tool
@haydnjohnson Frameworks
@haydnjohnson Framework Criteria
@haydnjohnson Framework Criteria ❏ Send email ❏ Track email opening ❏ Clone a website & save credentials ❏ Ability to edit cloned site (for c2) ❏ Graphs / Result recording
@haydnjohnson Installation
@haydnjohnson Gophish ❏ Download binary ❏ Chmod ❏ RUN ❏ literally…. https://getgophish.com/
@haydnjohnson Gophish
@haydnjohnson Gophish
@haydnjohnson
@haydnjohnson FiercePhish
@haydnjohnson FiercePhish Not compatible with Kali
@haydnjohnson FiercePhish Ubuntu 16
@haydnjohnson FiercePhish Configuration script
@haydnjohnson FiercePhish
@haydnjohnson Careful
@haydnjohnson
@haydnjohnson Social Engineer ToolKit (SET)
@haydnjohnson SET Installed in Kali by default!
@haydnjohnson SET Installed in Kali by default!
@haydnjohnson SET Options!
@haydnjohnson SET More Options!
@haydnjohnson Requirements - Phishing framework ❏ Send email ❏ Track email opening ❏ Clone website & save credentials ❏ Graphs / Results
@haydnjohnson Requirements - Phishing framework Send Email FiercePhish YES GoPhish YES SET YES Cobalt Strike YES
@haydnjohnson GoPhish |
@haydnjohnson | FiercePhish
@haydnjohnson Cobalt Strike
@haydnjohnson Requirements - Phishing framework Track Opening email FiercePhish NO GoPhish YES SET YES Cobalt Strike YES
@haydnjohnson GoPhish
@haydnjohnson Fierce Phish
@haydnjohnson Requirements - Phishing framework Clone a website & save credentials FiercePhish NO GoPhish YES SET YES Cobalt Strike YES
@haydnjohnson GoPhish
@haydnjohnson SET
@haydnjohnson Cobalt Strike
@haydnjohnson Requirements - Phishing framework Graphs / Result recording FiercePhish YES GoPhish YES SET YES Cobalt Strike YES & YES
@haydnjohnson Practice
@haydnjohnson Morning Catch VM Practice Phishing No DNS https://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
@haydnjohnson Morning Catch Login Page https://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
@haydnjohnson Morning Catch Email
@haydnjohnson Morning Catch Warning:
@haydnjohnson Webpages
@haydnjohnson Cloud - DropBox http://withr.me/add-domain-name-for-your-ser ver-on-digitalocean/
@haydnjohnson Domain
@haydnjohnson Domain
@haydnjohnson HTML Not perfect
@haydnjohnson HTML Does the job
@haydnjohnson All the payloads
@haydnjohnson Website - SSL ❏ It's just too easy ❏ Seems more legit Sources: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-onubuntu-14-04 http://www.irongeek.com/i.php?page=videos/bsidesphilly2016/cj00-attackers-perspective-a-technicaldemonstrat ion-of-an-email-phishing-attack-zac-davist
@haydnjohnson Website - SSL ❏ Create demo user ❏ Download letsencrypt + install (python) ❏ Run – add domain + allow 443 ❏ SSL encrypted Sources: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
@haydnjohnson Website - SSL ❏ Started with no SSL
@haydnjohnson Website - SSL ❏ sudo add-apt-repository ppa:certbot/certbot ❏ sudo apt-get install python-certbot-apache ❏ sudo certbot --apache -d example.com
@haydnjohnson Website - SSL ❏ allow port 443 through firewall!
@haydnjohnson Website - SSL ❏ It is secure!
@haydnjohnson Different Payloads
@haydnjohnson Payloads ❏ HTA ❏ Click Once ❏ DLL
@haydnjohnson Payloads HTA (executable) HTML Applications https://enigma0x3.net/2016/03/15/phishing-with-empire/ https://en.wikipedia.org/wiki/HTML_Application https://blog.malwarebytes.com/cybercrime/2016/09/surfacing-hta-infections/
@haydnjohnson HTA Empire https://enigma0x3.net/2016/03/15/phishing-with-empire/
@haydnjohnson HTA
@haydnjohnson HTA Testing
@haydnjohnson HTA User Interaction 1
@haydnjohnson HTA User Interaction 2
@haydnjohnson HTA User Interaction 3
@haydnjohnson HTA Receive Shell
@haydnjohnson DLL Empire https://sensepost.com/blog/2016/intercepting-passwords-with-empire-and-winning/
@haydnjohnson DLL Creating DLL
@haydnjohnson DLL Serving DLL
@haydnjohnson DLL Serving DLL
@haydnjohnson DLL Rundll32.exe
@haydnjohnson DLL MSF Wouldn’t work https://www.sixdub.net/?p=627 http://www.powershellempire.com/?page_id=135
@haydnjohnson Click Once
@haydnjohnson Click Once Idea from: http://www.irongeek.com/i.php?page=videos/bsidesphilly2 016/cj00-attackers-perspective-a-technical-demonstration-o f-an-email-phishing-attack-zac-davis Great amazing video - phishing & post-exploitation
@haydnjohnson Click Once Works up to Win 7 Requires Internet Explorer Win 8 == Smart Screen Filter (Signed Cert) https://blog.netspi.com/all-you-need-is-one-a-clickonce-love-story/ https://msdn.microsoft.com/en-us/library/t71a733d.aspx https://msdn.microsoft.com/en-us/library/748fh114.aspx
@haydnjohnson Click once Placed in COA/Application Files/
@haydnjohnson
@haydnjohnson Click Once Using JavaScript ❏ window.open() ❏ IE blocks popup
@haydnjohnson Click Once Using JavaScript ❏ window.open()
@haydnjohnson Click Once Using JavaScript ❏ window.open() ❏ IE blocks popup
@haydnjohnson Click Once Using JavaScript ❏ 2nd popup
@haydnjohnson Click Once “Click Once” ❏ 3rd popup
@haydnjohnson Click Once Submit Button ❏ action=
@haydnjohnson To PHP page Click Once
@haydnjohnson Click Once PHP to COA folder ❏ header()
@haydnjohnson Click Once User Interaction
@haydnjohnson Click Once Calc.exe
@haydnjohnson Key Take aways
@haydnjohnson Lesson Learned ❏ Consider the user interaction ❏ Consider the technology to bypass
@haydnjohnson Lesson Learned ❏ Things gonna not work ❏ Try and test ❏ Think outside the square
@haydnjohnson Questions and Comments Thank you

Empfohlen

Nolacon phishing 2017_haydn_johnson
Nolacon phishing 2017_haydn_johnsonNolacon phishing 2017_haydn_johnson
Nolacon phishing 2017_haydn_johnson
Haydn Johnson
 
Bsides to 2016-penetration-testing
Bsides to 2016-penetration-testingBsides to 2016-penetration-testing
Bsides to 2016-penetration-testing
Haydn Johnson
 
PT_OWASP_AUSTIN_2017
PT_OWASP_AUSTIN_2017PT_OWASP_AUSTIN_2017
PT_OWASP_AUSTIN_2017
Haydn Johnson
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team Exercises
Haydn Johnson
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
Haydn Johnson
 
UOIT Purple Team - Student Edition 2017
UOIT Purple Team - Student Edition 2017UOIT Purple Team - Student Edition 2017
UOIT Purple Team - Student Edition 2017
Haydn Johnson
 
BSides Columbus: Active Defense - Helping threat actors hack themselves!
BSides Columbus: Active Defense - Helping threat actors hack themselves!BSides Columbus: Active Defense - Helping threat actors hack themselves!
BSides Columbus: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developer
Steve Poole
 

Empfohlen

Nolacon phishing 2017_haydn_johnson
Nolacon phishing 2017_haydn_johnsonNolacon phishing 2017_haydn_johnson
Nolacon phishing 2017_haydn_johnson
Haydn Johnson
 
Bsides to 2016-penetration-testing
Bsides to 2016-penetration-testingBsides to 2016-penetration-testing
Bsides to 2016-penetration-testing
Haydn Johnson
 
PT_OWASP_AUSTIN_2017
PT_OWASP_AUSTIN_2017PT_OWASP_AUSTIN_2017
PT_OWASP_AUSTIN_2017
Haydn Johnson
 
How to Plan Purple Team Exercises
How to Plan Purple Team ExercisesHow to Plan Purple Team Exercises
How to Plan Purple Team Exercises
Haydn Johnson
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
Haydn Johnson
 
UOIT Purple Team - Student Edition 2017
UOIT Purple Team - Student Edition 2017UOIT Purple Team - Student Edition 2017
UOIT Purple Team - Student Edition 2017
Haydn Johnson
 
BSides Columbus: Active Defense - Helping threat actors hack themselves!
BSides Columbus: Active Defense - Helping threat actors hack themselves!BSides Columbus: Active Defense - Helping threat actors hack themselves!
BSides Columbus: Active Defense - Helping threat actors hack themselves!
ThreatReel Podcast
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developer
Steve Poole
 
Intro to Php Security
Intro to Php SecurityIntro to Php Security
Intro to Php Security
Dave Ross
 
Web Application Security: Winning When The Odds Are Against You
Web Application Security: Winning When The Odds Are Against YouWeb Application Security: Winning When The Odds Are Against You
Web Application Security: Winning When The Odds Are Against You
bendechrai
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
Wim Godden
 
Protecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Protecting Microsoft Teams from Cyber Security Threats - a Practical GuideProtecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Protecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Benedek Menesi
 
Government Next: NIC Presentation
Government Next: NIC PresentationGovernment Next: NIC Presentation
Government Next: NIC Presentation
Tara Hunt
 
Evolution Of Web Security
Evolution Of Web SecurityEvolution Of Web Security
Evolution Of Web Security
Chris Shiflett
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
Chris Gates
 
Information Retrieval and Extraction
Information Retrieval and ExtractionInformation Retrieval and Extraction
Information Retrieval and Extraction
Christopher Frenz
 
How an Enterprise SPAM Filter Works
How an Enterprise SPAM Filter Works How an Enterprise SPAM Filter Works
How an Enterprise SPAM Filter Works
Pinpointe On-Demand
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Nipun Jaswal
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
Steve Poole
 
Modern phishing-techniques
Modern phishing-techniquesModern phishing-techniques
Modern phishing-techniques
Farkhad Badalov
 
Attacks on the cyber world
Attacks on the cyber worldAttacks on the cyber world
Attacks on the cyber world
Nikhil Tripathi
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
xsist10
 
Digital Identity
Digital IdentityDigital Identity
Digital Identity
ZendCon
 
Phishing
PhishingPhishing
Phishing
Ajit Yadav
 
Web scraping 101 with goutte
Web scraping 101 with goutteWeb scraping 101 with goutte
Web scraping 101 with goutte
Joshua Copeland
 
H4x0rs gonna hack
H4x0rs gonna hackH4x0rs gonna hack
H4x0rs gonna hack
Xchym Hiệp
 
Things that go bump on the web - Web Application Security
Things that go bump on the web - Web Application SecurityThings that go bump on the web - Web Application Security
Things that go bump on the web - Web Application Security
Christian Heilmann
 
Writing Vibrant, Compelling Copy
Writing Vibrant, Compelling CopyWriting Vibrant, Compelling Copy
Writing Vibrant, Compelling Copy
Ginny Redish
 
Introduction to Just in Time Access - BrightTalk
Introduction to Just in Time Access - BrightTalkIntroduction to Just in Time Access - BrightTalk
Introduction to Just in Time Access - BrightTalk
Haydn Johnson
 
Communication hack fest-2018-final
Communication hack fest-2018-finalCommunication hack fest-2018-final
Communication hack fest-2018-final
Haydn Johnson
 

Weitere ähnliche Inhalte

Ähnlich wie Phishing dc618 haydnjohnson

Web Application Security: Winning When The Odds Are Against You
Web Application Security: Winning When The Odds Are Against YouWeb Application Security: Winning When The Odds Are Against You
Web Application Security: Winning When The Odds Are Against You
bendechrai
 
Protecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Protecting Microsoft Teams from Cyber Security Threats - a Practical GuideProtecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Protecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Benedek Menesi
 

Ähnlich wie Phishing dc618 haydnjohnson (20)

Intro to Php Security
Intro to Php SecurityIntro to Php Security
Intro to Php Security
 
Web Application Security: Winning When The Odds Are Against You
Web Application Security: Winning When The Odds Are Against YouWeb Application Security: Winning When The Odds Are Against You
Web Application Security: Winning When The Odds Are Against You
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 
Protecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Protecting Microsoft Teams from Cyber Security Threats - a Practical GuideProtecting Microsoft Teams from Cyber Security Threats - a Practical Guide
Protecting Microsoft Teams from Cyber Security Threats - a Practical Guide
 
Government Next: NIC Presentation
Government Next: NIC PresentationGovernment Next: NIC Presentation
Government Next: NIC Presentation
 
Evolution Of Web Security
Evolution Of Web SecurityEvolution Of Web Security
Evolution Of Web Security
 
Gates Toorcon X New School Information Gathering
Gates Toorcon X New School Information GatheringGates Toorcon X New School Information Gathering
Gates Toorcon X New School Information Gathering
 
Information Retrieval and Extraction
Information Retrieval and ExtractionInformation Retrieval and Extraction
Information Retrieval and Extraction
 
How an Enterprise SPAM Filter Works
How an Enterprise SPAM Filter Works How an Enterprise SPAM Filter Works
How an Enterprise SPAM Filter Works
 
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. LtdBeyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
Beyond Ethical Hacking By Nipun Jaswal , CSA HCF Infosec Pvt. Ltd
 
Cybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 SofiaCybercrime and the Developer Java2Days 2016 Sofia
Cybercrime and the Developer Java2Days 2016 Sofia
 
Modern phishing-techniques
Modern phishing-techniquesModern phishing-techniques
Modern phishing-techniques
 
Attacks on the cyber world
Attacks on the cyber worldAttacks on the cyber world
Attacks on the cyber world
 
PHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source ProjectPHP SA 2014 - Releasing Your Open Source Project
PHP SA 2014 - Releasing Your Open Source Project
 
Digital Identity
Digital IdentityDigital Identity
Digital Identity
 
Phishing
PhishingPhishing
Phishing
 
Web scraping 101 with goutte
Web scraping 101 with goutteWeb scraping 101 with goutte
Web scraping 101 with goutte
 
H4x0rs gonna hack
H4x0rs gonna hackH4x0rs gonna hack
H4x0rs gonna hack
 
Things that go bump on the web - Web Application Security
Things that go bump on the web - Web Application SecurityThings that go bump on the web - Web Application Security
Things that go bump on the web - Web Application Security
 
Writing Vibrant, Compelling Copy
Writing Vibrant, Compelling CopyWriting Vibrant, Compelling Copy
Writing Vibrant, Compelling Copy
 

Mehr von Haydn Johnson

Introduction to Just in Time Access - BrightTalk
Introduction to Just in Time Access - BrightTalkIntroduction to Just in Time Access - BrightTalk
Introduction to Just in Time Access - BrightTalk
Haydn Johnson
 

Mehr von Haydn Johnson (11)

Introduction to Just in Time Access - BrightTalk
Introduction to Just in Time Access - BrightTalkIntroduction to Just in Time Access - BrightTalk
Introduction to Just in Time Access - BrightTalk
 
Communication hack fest-2018-final
Communication hack fest-2018-finalCommunication hack fest-2018-final
Communication hack fest-2018-final
 
Kubernetes - security you need to know about it
Kubernetes - security you need to know about itKubernetes - security you need to know about it
Kubernetes - security you need to know about it
 
Human(e) Security in a World of Business 2018
Human(e) Security in a World of Business 2018Human(e) Security in a World of Business 2018
Human(e) Security in a World of Business 2018
 
Purple teaming Cyber Kill Chain
Purple teaming Cyber Kill ChainPurple teaming Cyber Kill Chain
Purple teaming Cyber Kill Chain
 
ProsVJoes - Task 2016
ProsVJoes - Task 2016ProsVJoes - Task 2016
ProsVJoes - Task 2016
 
Automation of Penetration Testing
Automation of Penetration TestingAutomation of Penetration Testing
Automation of Penetration Testing
 
Empire Work shop
Empire Work shopEmpire Work shop
Empire Work shop
 
Meterpreter awareness
Meterpreter awarenessMeterpreter awareness
Meterpreter awareness
 
Power sploit persistence walkthrough
Power sploit persistence walkthroughPower sploit persistence walkthrough
Power sploit persistence walkthrough
 
Purple View
Purple ViewPurple View
Purple View
 

Kürzlich hochgeladen

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Kürzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Phishing dc618 haydnjohnson