Beyond Takeover - Attacker's In. Now What?
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the dynamics of credential theft and account takeovers in this 49-minute conference talk from AppSecUSA 2017. Dive into a unique "victim's POV" research approach that traces attacker activity after compromising 57 fake identities on popular platforms like Google and Facebook over a 6-month period. Discover key insights on takeover timelines, attacker behavior patterns, and security practices employed by hackers. Learn about the phishing ecosystem, research objectives, and the process of creating authentic bait accounts. Analyze findings on access times, password reuse, trap effectiveness, and geographic distribution of attacks. Gain valuable takeaways for CISOs and cybersecurity professionals to enhance defense strategies against sophisticated phishing campaigns and account compromises.
Syllabus
Intro
Phish the Phishers
Social Attacks
Account Takeover Objectives
The Phishing Ecosystem
Research Objectives
The Research Process
Our Baits Network
Make Accounts Authentic
Account Monitoring
Trace Login Attempts
Credential Leakage
Account Penetration
Access Time
Password Reuse Practices
Effectiveness of Traps
Account Abuse
Story Time - Full account takeover
Manual or Automated?
Covering the tracks
Geo Distribution
Investigating incident
Conclusions
Human is Human
CISO Takeaways
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube