Phishing - Going from Recon to Credentials

Phishing - Going from Recon to Credentials

via YouTube Direct link

Intro

1 of 9

1 of 9

Intro

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Phishing - Going from Recon to Credentials

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 "Phishing is the attempt to acquire sensitive information...by masquerading as a trustworthy entity in an electronic communication." - Wikipedia Phishing
  3. 3 Types of Attacks • Phishing - Usually no specific targets and for monetary gain • Spear Phishing - specific individuals or groups • Whaling - targeting executives
  4. 4 Setup and Deploy - Domain & Email • Domain Registration • Mass Mailers • Open Relays for the target domain
  5. 5 Setup and Deploy - Web • Web Server Setup • Web Site Cloning • Web Application Development
  6. 6 Responses / Post Exploitation • Credential Harvesting - testing credentials • Additional phishing attacks from trusted accounts • Malware - Connecting to botnet/shells and maintaining persistence • E…
  7. 7 Preparation User Awareness & Periodic Testing Detection & Analysis Alerts, Mail Proxies Containment, Eradication and Recovery Have a plan that is ready and tested
  8. 8 SpeedPhish Framework - SPF • Automates common tasks needed to perform a phishing exercise • Written in Python • Full/Partial automation • Can make use of external tools if available
  9. 9 Future Features • Company Profiler

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.