Beyond Takeover - Attacker's In. Now What?

Explore the dynamics of credential theft and account takeovers in this 49-minute conference talk from AppSecUSA 2017. Dive into a unique "victim's POV" research approach that traces attacker activity after compromising 57 fake identities on popular platforms like Google and Facebook over a 6-month period. Discover key insights on takeover timelines, attacker behavior patterns, and security practices employed by hackers. Learn about the phishing ecosystem, research objectives, and the process of creating authentic bait accounts. Analyze findings on access times, password reuse, trap effectiveness, and geographic distribution of attacks. Gain valuable takeaways for CISOs and cybersecurity professionals to enhance defense strategies against sophisticated phishing campaigns and account compromises.

Intro
Phish the Phishers
Social Attacks
Account Takeover Objectives
The Phishing Ecosystem
Research Objectives
The Research Process
Our Baits Network
Make Accounts Authentic
Account Monitoring
Trace Login Attempts
Credential Leakage
Account Penetration
Access Time
Password Reuse Practices
Effectiveness of Traps
Account Abuse
Story Time - Full account takeover
Manual or Automated?
Covering the tracks
Geo Distribution
Investigating incident
Conclusions
Human is Human
CISO Takeaways