Beyond Takeover - Attacker's In. Now What?

Offered By: OWASP Foundation via YouTube

Course Description

Overview

Explore the dynamics of credential theft and account takeovers in this 49-minute conference talk from AppSecUSA 2017. Dive into a unique "victim's POV" research approach that traces attacker activity after compromising 57 fake identities on popular platforms like Google and Facebook over a 6-month period. Discover key insights on takeover timelines, attacker behavior patterns, and security practices employed by hackers. Learn about the phishing ecosystem, research objectives, and the process of creating authentic bait accounts. Analyze findings on access times, password reuse, trap effectiveness, and geographic distribution of attacks. Gain valuable takeaways for CISOs and cybersecurity professionals to enhance defense strategies against sophisticated phishing campaigns and account compromises.

Syllabus

Intro
Phish the Phishers
Social Attacks
Account Takeover Objectives
The Phishing Ecosystem
Research Objectives
The Research Process
Our Baits Network
Make Accounts Authentic
Account Monitoring
Trace Login Attempts
Credential Leakage
Account Penetration
Access Time
Password Reuse Practices
Effectiveness of Traps
Account Abuse
Story Time - Full account takeover
Manual or Automated?
Covering the tracks
Geo Distribution
Investigating incident
Conclusions
Human is Human
CISO Takeaways


Taught by

OWASP Foundation
