Explore advanced phishing tactics and strategies that go beyond traditional user awareness in this conference talk from Hack3rcon 2012. Delve into the world of spear phishing, including high-profile examples like White House targeting. Learn about pentesting methodologies, statistics, and target research techniques. Discover email harvesting methods, creating convincing fake emails, and developing effective attack scenarios. Examine the importance of email subject lines, layout, and attack vectors in successful phishing campaigns. Gain insights into changing WHOIS data, selecting payloads, and post-exploitation techniques. Watch a live demonstration and understand why conventional user awareness approaches often fall short. Explore practical solutions for limiting exposure, including network segmentation strategies.
Overview
Syllabus
Intro
Table of Contents
Introductions
What is spear fishing
White House spearfishing
Pentesting
Statistics
Target Research
Email Harvesting
Jigsaw
Fake Email
Create a Scenario
Email Subject
Email Layout
Attack Vector
Spearfishing
Changing Whois Data
Choosing the Payload
Postexploitation
Demo
Why User Awareness Isnt Working
How to Limit Exposure
Network Segmentation
