Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Hacking in the Far East 2: The Suit Works Wonders

Paul S. Ziegler is now shifting the focus over to the importance of one’s appearance and the Asian stereotypes with regard to informal classes of foreigners. For every element I’m going to point out to you today, after this we’re going to look at the exploitation vector, because that’s what makes...

Hacking in the Far East

This entry offers an extremely interesting insight into the peculiarities of general security perception in Eastern Asia, presented by the well-known German computer security specialist Paul Sebastian Ziegler at the Hack In The Box 2012 Conference. Today’s talk is entitled “I Honorably Assure You: It Is...

Advanced Phishing Tactics Beyond User Awareness 8: The Countermeasures

As a summary, Accuvant’s Eric Milam and Martin Bos are providing some food for thought on why user awareness is insufficient for preventing phishing attacks. Martin Bos: Like in every good presentation, what we really wanted to talk about here is why user awareness isn’t working. Once again, this was...

Advanced Phishing Tactics Beyond User Awareness 7: Getting Persuasive

Martin Bos and Eric Milam are now singling out some attributes of a successful attack, such as the authenticity of the secure login page, the excessive requests script, etc. Martin Bos: So, then what we do is we log in to our free GoDaddy email account, infosec@humana-portal.com. And what we do is we just save it in...

Advanced Phishing Tactics Beyond User Awareness 6: Payloads and Post Exploitation

This post highlights the possible options of picking the right payload, some tips to get around AVs, and the importance of what you do after getting the shell. Martin Bos: Alright, next thing you’ve got to do is, obviously, choose the payload (see image). I know this is more of my corporate slot....

Advanced Phishing Tactics Beyond User Awareness 5: Credential Harvesting and Other Attack Vectors

The speakers from Accuvant now proceed to demonstrate a couple of tricks they utilize for greater attack plausibility and credential harvesting on a pentest. Martin Bos: The next thing you got to do is choose the attack vector (see image). And this goes back to our research: what type of AV they are using,...

Advanced Phishing Tactics Beyond User Awareness 4: Creating an Attack Scenario

In this section, Martin Bos and Eric Milam are discussing the different nuances to be taken into account for optimal phishing attack implementation workflow. Martin Bos: The next thing we do is we have to create a scenario. How are we going to get these people to click on the link? So, the first thing that...

Advanced Phishing Tactics Beyond User Awareness 3: Creating a Valid Email List for the Attack

Accuvant’s Martin Bos and Eric Milam now give a demo on building a list of company employees based on Jigsaw data and some social engineering tricks. Martin Bos: Basically, what we’re doing here is we’re going to look for a company. The first thing you want to do is do an ‘-s’ and...

Advanced Phishing Tactics Beyond User Awareness 2: Anatomy of a Spear Phishing Attack

Sharing their pentesting experience, Martin Bos and Eric Milam outline the stages of a spear phishing attack and analyze email harvesting as a starting point. Martin Bos: Here are our obligatory statistics (see image); every presentation has to have some statistics. Like I said, these are more for the...

Advanced Phishing Tactics Beyond User Awareness

Accuvant LABS’ Senior Security Consultant Martin Bos and the company’s Principal Security Assessor Eric Milam spotlight the issues related to spear phishing from the pentester’s perspective during their session at the Hack3rCon event. Martin Bos: Hi everybody! We’re here from Accuvant LABS; we’re...