Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Beyond Takeover - Attacker's In. Now What?

OWASP Foundation via YouTube

Overview

Explore the dynamics of credential theft and account takeovers in this 49-minute conference talk from AppSecUSA 2017. Dive into a unique "victim's POV" research approach that traces attacker activity after compromising 57 fake identities on popular platforms like Google and Facebook over a 6-month period. Discover key insights on takeover timelines, attacker behavior patterns, and security practices employed by hackers. Learn about the phishing ecosystem, research objectives, and the process of creating authentic bait accounts. Analyze findings on access times, password reuse, trap effectiveness, and geographic distribution of attacks. Gain valuable takeaways for CISOs and cybersecurity professionals to enhance defense strategies against sophisticated phishing campaigns and account compromises.

Syllabus

Intro
Phish the Phishers
Social Attacks
Account Takeover Objectives
The Phishing Ecosystem
Research Objectives
The Research Process
Our Baits Network
Make Accounts Authentic
Account Monitoring
Trace Login Attempts
Credential Leakage
Account Penetration
Access Time
Password Reuse Practices
Effectiveness of Traps
Account Abuse
Story Time - Full account takeover
Manual or Automated?
Covering the tracks
Geo Distribution
Investigating incident
Conclusions
Human is Human
CISO Takeaways

Taught by

OWASP Foundation

Reviews

Start your review of Beyond Takeover - Attacker's In. Now What?

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.