Recently a lot of focus in BeEF has been towards developing cool new features that help the day to day job of a social engineer, hereafter known as “The Butcher”.
We have been working very hard and secretively in the last months to widen our range of meaty goods within the Browser Exploitation Framework. During this talk we will release new modules and extensions specifically aimed toward automating the technical parts of a social engineer attack.
Employing techniques that are currently used is great, however “The Butcher” wishes to impart knowledge upon the attendees regarding new techniques that employ successful vectors targeting different browser within different security contexts.
After introducing people to the project who may have never heard of it before, we will be sharing information about real social engineering / penetration testing work that we have done recently and how we have advanced BeEF to achieve maximum coverage. This includes:
Website Cloning: but you haven’t seen it like this before!
Email Spoofing: mass email, easy.
Browser Control / Pwnage Automation: control BeEF programmatically using the RESTful API.