Overview
Explore effective and mostly free defenses against the phishing kill chain in this 36-minute conference talk from Derbycon 7. Learn about practical examples, email anti-spam techniques, domain registration monitoring, DNS twist, phishing and malspam reporting mechanisms, Office macro security, malicious binary protection, networking defenses against evil links and C2, and recent PDF threats. Gain valuable insights into mitigating various stages of phishing attacks and enhancing overall cybersecurity posture.
Syllabus
Intro
INTRO
OBLIGATORY DISCLAIMER
OBJECTIVES
KILL CHAIN - PRACTICAL EXAMPLE
EMAIL - GENERAL ANTI-SPAM
DOMAIN REGISTRATION MONITORING
DNS TWIST
PHISH / MALSPAM-ATTACHMENTS
PHISH / MALSPAM - REPORTING MECHANISM
OFFICE MACRO-ADFS
OFFICE MACRO-OFFICE PROTECTED VIEW
OFFICE MACRO-SCRIPT EXTENSIONS
MALICIOUS BINARY - SRP
MALICIOUS BINARY - BIN FIREWALLING
NETWORKING - EVIL LINKS & C2
RECENT PDF UPTICK
OFFICE MACRO-KILL CHAIN DEJA VU
PHISH - MITIGATION RECAP
QUESTIONS?