Phishing - Going from Recon to Credentials

Explore a comprehensive overview of phishing attacks and defense strategies in this BSides Knoxville 2015 conference talk. Delve into various types of phishing, including spear phishing and whaling, and learn about the setup and deployment of phishing campaigns through domain registration, email systems, and web server configurations. Discover techniques for credential harvesting, post-exploitation activities, and malware deployment. Gain insights into effective preparation, user awareness, detection, and response strategies to combat phishing threats. Examine the SpeedPhish Framework (SPF), an automated tool for conducting phishing exercises, and its potential future features. Enhance your understanding of this critical cybersecurity topic to better protect individuals and organizations from sophisticated phishing attempts.

Intro
"Phishing is the attempt to acquire sensitive information...by masquerading as a trustworthy entity in an electronic communication." - Wikipedia Phishing
Types of Attacks • Phishing - Usually no specific targets and for monetary gain • Spear Phishing - specific individuals or groups • Whaling - targeting executives
Setup and Deploy - Domain & Email • Domain Registration • Mass Mailers • Open Relays for the target domain
Setup and Deploy - Web • Web Server Setup • Web Site Cloning • Web Application Development
Responses / Post Exploitation • Credential Harvesting - testing credentials • Additional phishing attacks from trusted accounts • Malware - Connecting to botnet/shells and maintaining persistence • Elevating Privileges • Pillage
Preparation User Awareness & Periodic Testing Detection & Analysis Alerts, Mail Proxies Containment, Eradication and Recovery Have a plan that is ready and tested
SpeedPhish Framework - SPF • Automates common tasks needed to perform a phishing exercise • Written in Python • Full/Partial automation • Can make use of external tools if available
Future Features • Company Profiler