Phishing & OOB Exfiltration Through Purple Tinted Glasses

  • Date 05 Jun 2019

05 Jun 2019, 14:15 - 15:00

Geek Street
Language: English

Client-side attacks continue to proliferate, as attackers are increasingly aware that their chances of success improve if they can get the victim to open the door for them.

Using our enterprise simulated training lab, we will set up and execute a phishing campaign that bypasses AV and results in a foothold on a target network. We’ll then switch hats and use an ELK stack to identify logs and IOCs. The session will then move on to data exfiltration, where DNS and ICMP out-of-band channels will be established. Finally, we’ll jump back into blue and show where logging can help identify the above exfiltration methods, providing an overall perspective of both attack and defence.

Learning Outcomes:

  1. Knowledge of phishing setup and execution
  2. Tweaking payloads to bypass defensive protections
  3. Setup and execution of out-of-band channel data exfiltration over DNS and ICMP
  4. Introduction to ELK stack functionality
  5. Monitoring/logging of compromise and data exfiltration

 

Contributors

  • Owen Shearing

    Speaker

    Co-Founder

    In.security

    Owen Shearing is a co-founder of in.security Ltd. He is a CREST CCT level security consultant with a strong background in networking and IT...

  • Will Hunt

    Speaker

    Co-Founder

    In.security

    Will Hunt is a cyber security consultant with over 10 years’ experience. He co-founded in.security Ltd, a specialist cyber security company...

Business Issues covered

  1. What will this session help you to do?
    • Understand internal and external threats and keep a business secure
