Company phishing trip sans siem summit 2019

•

0 likes•58 views

This document summarizes a presentation about company phishing trips. It discusses how phishing kits work and how they are often deployed through unpatched systems or content management systems like WordPress. It also describes ways to detect phishing kits, such as monitoring TLS certificates for domain names similar to your company, and using tools like Certstream to track new certificates. The presentation recommends responding to phishing threats by deploying "honeycreds" - fake credentials placed to observe which ones are tested by attackers. Statistics on hundreds of fake credentials placed showed most were tested within hours or days.

Technology

Company Phishing Trip
Jared Peck
SANS SIEM SUMMIT
October 7th, 2019

Background
Firefighter
Paramedic
Sysadmin
SOC Analyst
Threat Intelligence

What is a Phishing Kit?
• Pre-packaged
• Easy to deploy
• Often a .zip file
• May be PhaaS
boxman19.zip
apple.zip
username18.zip
bulletprofitlink
16shop

How are most kits deployed?
• Unpatched Systems!
• Wordpress
• Joomla
• Other CMS Systems

$No Honor Among Thieves / Function to get country and country sort; function country_sort(){ $sorter = ""; $array = array(114,101,115,117,108,116,98,111,120,49,52,64,103,109,97,105,108,46,99,111,109); $count = count($array); for ($i = 0; $i < $count; $i++) { $sorter .= chr($array[$i]); } return array($sorter, $GLOBALS['recipient']); }$

No Honor Among Thieves
• Translates to “resultbox14@gmail.com”
• Address still registered!

Phish Finders
@PhishingAi
@Feedphish
@nullcookies
@JayTHL
@dave_daves
@MSAdministrator
ANYONE TWEETING
@ YOUR COMPANY!

Phishing Guides
• Openphish
• Phishtank
• Phishbank
• RSA
• RiskIQ

Finding Phish Yourself
• Certstream (Python)
• Track new TLS certificates issued
• “login.companyname.anysite.com”

https://gist.github.com/medic642/
• regex-certstream-slack.py

https://gist.github.com/medic642/
regex_certstream_mail.py

https://gist.github.com/medic642/
phish_ssdeep.py (in progress!!!)

Finding Phish Yourself
somepoorsap.com/wp-admin/mycompany.com/3b7a4c2a/login.php?state=y

Splunk all the Things!
index=waf sourcetype=logs (or wherever you have http referrer logs)
| fields http_referrer
| fields - _raw
| where (match(http_referrer, “<regex1>”) OR match(http_referrer,
“<regex2>”) OR <…>)
| stats count by http_referrer

• 1923 Yankees Roster
• 1886 Census List
• Famous shipwrecks?
I See Dead People

• 300+ “Honeycreds” placed
• 43% Seen tested
• Over 100 Testing IPs to monitor
• Hundreds of real customer creds
• Shortest = <1 minute
• Longest = ~ 1 year
• Some creds re-tested much later
Statistics

• Most credentials were tested within 24 hours
• Average (mean)– ~ 9 days
• Median – 5 hours
• 3-4 other customer creds tested with fakes most
times
More Statistics

Summary
• Understand phishing kits targeting your org
• Find these kits in your logs
• Build some regex detection
• Automate!

https://www.hubspot.com/state-of-marketing · Scaling relationships and proving ROI · Social media is the place for search, sales, and service · Authentic influencer partnerships fuel brand growth · The strongest connections happen via call, click, chat, and camera. · Time saved with AI leads to more creative work · Seeking: A single source of truth · TLDR; Get on social, try AI, and align your systems. · More human marketing, powered by robots

Everything You Need To Know About ChatGPT

Expeed Software

ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!

Product Design Trends in 2024 | Teenage Engineerings

Pixeldarts

How Race, Age and Gender Shape Attitudes Towards Mental Health

ThinkNow

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

Neil Kimberley

UiPath Community Day is a unique gathering designed to foster collaboration, learning, and networking with automation enthusiasts. Whether you're an automation developer, business analyst, IT professional, solution architect, CoE lead, practitioner or a student/educator excited about the prospects of artificial intelligence and automation technologies in the United States, then the UiPath Community Day is definitely the place you want to be. Join UiPath leaders, experts from the industry, and the amazing community members and let's connect over expert sessions, demos and use cases around AI in automation as we highlight our technology with a special speaker on Document Understanding. 📌Agenda 3:00 PM Registrations 3:30 PM Welcome note and Introductions | Corina Gheonea (Senior Director of Global UiPath Community) 4:00 PM Introduction to Document Understanding How to build and deploy Document Understanding process Where would Document Understanding be used. Demo Q&A 4:45 PM Customer/Partner showcase Accelirate Intro to Accelirate and history with UiPath Why are we excited about the new AI features of UiPath? Customer highlight a. Document Understanding – BJs Case Study b. Document Understanding + generative AI 5.30 PM Networking

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

Bits & Pixels using AI for Good.........

Alison B. Lowndes

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...

QADay

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

Recently uploaded

UiPath New York Community Day in-person event

DianaGray10

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

JMeter webinar - integration with InfluxDB and Grafana

RTTS

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

Bits & Pixels using AI for Good.........

Alison B. Lowndes

"Impact of front-end architecture on development cost", Viktor Turskyi

Fwdays

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Abida Shariff

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...

QADay

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Recently uploaded (20)

UiPath New York Community Day in-person event

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

PHP Frameworks: I want to break free (IPC Berlin 2024)

JMeter webinar - integration with InfluxDB and Grafana

UiPath Test Automation using UiPath Test Suite series, part 3

How world-class product teams are winning in the AI era by CEO and Founder, P...

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

Bits & Pixels using AI for Good.........

"Impact of front-end architecture on development cost", Viktor Turskyi

The Art of the Pitch: WordPress Relationships and Sales

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx

Accelerate your Kubernetes clusters with Varnish Caching

КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...

Search and Society: Reimagining Information Access for Radical Futures

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Quantum Computing: Current Landscape and the Future Role of APIs

Featured

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

5 Public speaking tips from TED - Visualized summary

SpeakerHub

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management

MindGenius

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

Applitools

During this webinar, Anand Bagmar demonstrates how AI tools such as ChatGPT can be applied to various stages of the software development life cycle (SDLC) using an eCommerce application case study. Find the on-demand recording and more info at https://applitools.info/b59 Key takeaways: • Learn how to use ChatGPT to add AI power to your testing and test automation • Understand the limitations of the technology and where human expertise is crucial • Gain insight into different AI-based tools • Adopt AI-based tools to stay relevant and optimize work for developers and testers * ChatGPT and OpenAI belong to OpenAI, L.L.C.

12 Ways to Increase Your Influence at Work

GetSmarter

ChatGPT webinar slidesAlireza Esmikhani

More than Just Lines on a Map: Best Practices for U.S Bike Routes

Project for Public Spaces & National Center for Biking and Walking

Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...

DevGAMM Conference

Has your project been caught in a storm of deadlines, clashing requirements, and the need to change course halfway through? If yes, then check out how the administration team navigated through all of this, relocating 160 people from 3 countries and opening 2 offices during the most turbulent time in the last 20 years. Belka Games’ Chief Administrative Officer, Katerina Rudko, will share universal approaches and life hacks that can help your project survive unstable periods when there seem to be too many tasks and a lack of time and people.

Barbie - Brand Strategy Presentation

Erica Santiago

Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well

Saba Software

According to the latest State of the American Manager report from Gallup, employees who have regular meetings with their managers are almost three times as likely to be engaged as those who don’t. These regular check-ins keep managers and employees in sync and aligned. Want to see better manager/employee relationships in your organisation? Then make an all-in commitment to 1:1 meetings. Not sure how? You’ve come to the right place. In this webinar with Jamie Resker, Founder and Practice Leader for Employee Performance Solutions (EPS), and Teala Wilson, Talent Management Consultant at Saba Software, you’ll get the inside track on how to hold effective 1:1 meetings, including tips for getting managers on board. • Go beyond discussing the status of everyday work to higher level topics, including recognition, performance, development, and career aspirations • Learn how to decide meeting frequency, what to cover, as well as roles and responsibilities of the manager and employee • Understand how managers can build trust and make it comfortable for employees to provide upward feedback • Unite your organisation with a unified approach to 1:1 meetings Join us for this 1-hour webinar to get practical tips for building better manager-employee relationships with intention and purpose. About the Speakers Jamie Resker - Founder and Practice Leader for Employee Performance Solutions (EPS) Jamie Resker, Practice Leader and Founder of Employee Performance Solutions, is a recognized innovator in performance management. She is the originator of the-the Performance Continuum Feedback Method® and Conversations to Optimize Employee Performance training program; tools and training that reshape communications between managers and employees to drive and align performance. Jamie is on the faculty for the Northeast Human Resources Association, is a contributor to Halogen Software's Talent Space Blog, and is an editorial advisory board member for HR Examiner. Teala Wilson - Senior Consultant, Strategic Services, Saba Software Teala is a Talent Management Consultant at Halogen Software, now a part of Saba Software. She has worked with teams on a national and global level supporting human resources in areas such as performance management, recruitment, employee benefit programs, training and talent development, workforce planning and internal communications. Teala also has a personal passion for visual arts and design. Want to learn more? Join us for an upcoming Product Tour! http://bit.ly/2yitfqu

Featured (20)

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

12 Ways to Increase Your Influence at Work

ChatGPT webinar slides

More than Just Lines on a Map: Best Practices for U.S Bike Routes

Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...

Barbie - Brand Strategy Presentation

Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well

Company phishing trip sans siem summit 2019

1. Company Phishing Trip Jared Peck SANS SIEM SUMMIT October 7th, 2019

2. Background Firefighter Paramedic Sysadmin SOC Analyst Threat Intelligence

3. Why Are We Here?

4. What is a Phishing Kit? • Pre-packaged • Easy to deploy • Often a .zip file • May be PhaaS boxman19.zip apple.zip username18.zip bulletprofitlink 16shop

5. PhaaS

6. Pay Your Bill!

7. How are most kits deployed? • Unpatched Systems! • Wordpress • Joomla • Other CMS Systems

8. Basic Kit

9. Basic Kit

10. Basic Kit – login.php

11. HTML

12. login.php

13. Confirm.php

14. Pwned!

15. Give it Some Legitimacy

16. Let’s Gut a Bigger Phish

17. Let’s Gut a Bigger Phish

18. blockerz.php

19. Sc.php

20. Phisherman?

21.

22. Phishing off the Dox?

23. Real Phisherman?

24. Real Phisherman…(index.php)

25. Famous Phisherman…(index.php)

26. Something Smells Phishy…(index.php)

27. Phisherman’s Friend?

28. Phisherman’s Friend?

29. No Honor Among Thieves / Function to get country and country sort; function country_sort(){ $sorter = ""; $array = array(114,101,115,117,108,116,98,111,120,49,52,64,103,109,97,105,108,46,99,111,109); $count = count($array); for ($i = 0; $i < $count; $i++) { $sorter .= chr($array[$i]); } return array($sorter, $GLOBALS['recipient']); }

30. No Honor Among Thieves • Translates to “resultbox14@gmail.com” • Address still registered!

31. Shenanigans

32. Shenanigans

33. Phish Finders

34. Phish Finders @PhishingAi @Feedphish @nullcookies @JayTHL @dave_daves @MSAdministrator ANYONE TWEETING @ YOUR COMPANY!

35. Phishing Guides • Openphish • Phishtank • Phishbank • RSA • RiskIQ

36. Finding Phish Yourself

37. Finding Phish Yourself • Certstream (Python) • Track new TLS certificates issued • “login.companyname.anysite.com”

38. https://gist.github.com/medic642/ • regex-certstream-slack.py

39. https://gist.github.com/medic642/ regex_certstream_mail.py

40. https://gist.github.com/medic642/ phish_ssdeep.py (in progress!!!)

41. Finding Phish Yourself

42. Finding Phish Yourself somepoorsap.com/wp-admin/mycompany.com/3b7a4c2a/login.php?state=y

43. Give it Some Legitimacy(again)

44. Splunk all the Things! index=waf sourcetype=logs (or wherever you have http referrer logs) | fields http_referrer | fields - _raw | where (match(http_referrer, “<regex1>”) OR match(http_referrer, “<regex2>”) OR <…>) | stats count by http_referrer

45. So….Now What?

46. “HoneyCreds”

47. First Try

48. Enhance!

49. A Man Has No Name(s)

50. • 1923 Yankees Roster • 1886 Census List • Famous shipwrecks? I See Dead People

51. • 300+ “Honeycreds” placed • 43% Seen tested • Over 100 Testing IPs to monitor • Hundreds of real customer creds • Shortest = <1 minute • Longest = ~ 1 year • Some creds re-tested much later Statistics

52. • Most credentials were tested within 24 hours • Average (mean)– ~ 9 days • Median – 5 hours • 3-4 other customer creds tested with fakes most times More Statistics

53. Summary • Understand phishing kits targeting your org • Find these kits in your logs • Build some regex detection • Automate!

54. Jared Peck @medic642 Questions?

Company phishing trip sans siem summit 2019

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Company phishing trip sans siem summit 2019