Deep Sea Phishing Gear
Dimitry Snezhkov
$who -m
9/25/2020 2
D.Snezhkov – Red Team Oper @ XFR
The feeling is
mutual
We !admins
Deep Sea Phishing Gear
“Aims to help red team operators and pentesters with the delivery of portable, OpSec-tight, flexible email phishing campaigns carried out on the outside and on the inside of a perimeter.”
Ok, I have like 10 phishing tools already …
Why another tool?
• Increased Portability
• Operational Security
• Extensibility and Flexibility
• Minimized Dependency footprint
• Adaptability to harsh environments
• Quick campaign retooling
• Ability to mimic and augment existing email templates
• Burning desire to keep a mark on the hook for longer :)
Anatomy of a phish
✓ Flexibly add headers, targets, attachments.
✓ Correctly format and inline email templates, images and multipart messages.
✓ Use content templates for personalization.
✓ Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
Anatomy of a phish
✓ Help create content with minimal dependencies.
✓ Embedded tools to support Markdown->HTML->TXT workflow.
✓ Attribution Linking
✓ Concise configuration.
Anatomy of a phish
Accommodate Classic External Phishing Delivery
Anatomy of a phish
Accommodate Internal Phishing Delivery. Not so classic :)
Anatomy of a phish
✓ Operate with a minimal footprint deep inside enterprises
✓ Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-premise mail servers)
✓ Quickly re-target connectivity parameters.
✓ Account for various email communication parameters.
Deep Sea: You want a MIME receipt too?
Deep Sea Operation
Deep Sea Operation
1. Use Deep Sea
2. How to construct and process content?
3. How to leverage existing email templates?
4. How to embed resources in the email?
5. How to inline content?
6. How to multipart content?
7. How to connect to an external service provider or relay?
8. How to connect to an internal service provider or relay?
9. How to attach payloads?
10. How to send email?
11. How to use dynamic content?
12. How to construct attributable links?
13. How to capture and maintain threaded conversations?
14. How to run multiple campaigns?
Ok, you get it...
Deep Sea Operation
Suit up. Going down
Usage
Option 1: Command line driver
Option 2: Configuration file
Deep Sea Configuration
config.yml
• YAML
• Sections
• Annotated
• Examples
All directives optional
Mail Client
Deep Sea Configuration
Message Content
Deep Sea Configuration
Templates
Deep Sea Configuration
Backend
Deep Sea Configuration
Content Processing
Deep Sea Configuration
marks.csv
• CSV
• 1 Record per line
Deep Sea Operation: Dynamic Marks
Marks
Content Template
Deep Sea Operation: Infrastructure
✓ Provision backend DB (embedded)
✓ Import marks
✓ Queries, etc.
Deep Sea Operation: Data Setup
✓ Inject dynamic template variables
✓ Inline email
✓ Multipart Email
✓ Send email
Deep Sea Operation
Email in the Inbox: Nice to meet you, Dan Lee!
Deep Sea Operation: Markdown
Content
Shell
Deep Sea Operation: Markdown
Content
Deep Sea Operation: Markdown
✓ Convert from MD to HTML Template
✓ Inject dynamic template variables
✓ Inline email (Style merge)
✓ Multipart Email
✓ Send email
Deep Sea Operation: Markdown
Email in the Inbox: Less HTML headache, more !
Deep Sea Operation: Embed Resources
Content
Config.yml
Deep Sea Operation: Embed Resources
Email in the Inbox: Less external images, less detection, even more !
Deep Sea Operation: Attachments
Config.yml
Deep Sea Operation: Attachments
Email in the Inbox: Attached payload, more detection. Less !, more
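Worked example for the Dynamic Marks, Data Setup, Embed Resources and Attachments slides above. This is added code, not DeepSea's own, and it uses only the Python standard library to build the message shape those slides describe: template variables injected from marks.csv, text and HTML alternatives, an image embedded as an inline multipart/related part referenced by cid:, an attached payload, and extra headers. The marks.csv columns, the $-placeholder template syntax, the sender address, the sample mark and the placeholder image bytes are constructed for the example, not taken from the tool.

```python
"""Build one personalized, self-contained phish message from a marks CSV.

Added example, not DeepSea's own code. CSV columns, $-placeholder templates,
sender, sample mark and image bytes are constructed assumptions.
"""
import csv
import io
import string
from email.message import EmailMessage
from email.utils import formatdate, make_msgid
from typing import Dict, List, Optional

# Constructed marks file: one record per line, header row names the template variables.
MARKS_CSV = """id,email,first,last,company
1001,dan.lee@example.com,Dan,Lee,Example Corp
"""

# Constructed templates. $name placeholders are string.Template syntax (an assumption,
# not DeepSea's template language). The HTML references the logo by Content-ID.
TEXT_TEMPLATE = "Nice to meet you, $first $last!\nPlease review the attached document for $company.\n"
HTML_TEMPLATE = """<html><body>
<p>Nice to meet you, $first $last!</p>
<p><img src="cid:$logo_cid" alt="logo"></p>
<p>Please review the attached document for $company.</p>
</body></html>
"""

# Placeholder bytes standing in for an embedded image (not a real PNG).
LOGO_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def load_marks(csv_text: str) -> List[Dict[str, str]]:
    """Parse marks.csv into one dict per mark, keyed by the header row."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def render(template: str, variables: Dict[str, str]) -> str:
    """Inject dynamic template variables. substitute() raises KeyError on an
    unknown placeholder, so a half-rendered message is never sent."""
    return string.Template(template).substitute(variables)


def build_message(mark: Dict[str, str], sender: str, subject: str,
                  attachment: Optional[bytes] = None,
                  attachment_name: str = "document.pdf",
                  extra_headers: Optional[Dict[str, str]] = None) -> EmailMessage:
    """Assemble multipart/mixed > multipart/alternative > (text/plain,
    multipart/related > (text/html, image/png)) + the attachment."""
    domain = sender.rsplit("@", 1)[1]
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = f'{mark["first"]} {mark["last"]} <{mark["email"]}>'
    msg["Subject"] = subject
    msg["Date"] = formatdate(localtime=True)
    msg["Message-ID"] = make_msgid(domain=domain)
    for name, value in (extra_headers or {}).items():   # e.g. campaign markers
        msg[name] = value

    logo_cid = make_msgid(domain=domain)                 # "<...@domain>", brackets included
    variables = dict(mark, logo_cid=logo_cid[1:-1])      # src="cid:..." omits the brackets
    msg.set_content(render(TEXT_TEMPLATE, variables))    # text/plain body
    msg.add_alternative(render(HTML_TEMPLATE, variables), subtype="html")
    html_part = msg.get_payload()[1]
    html_part.add_related(LOGO_PNG, "image", "png", cid=logo_cid)  # inline, no external fetch
    if attachment is not None:
        msg.add_attachment(attachment, maintype="application",
                           subtype="pdf", filename=attachment_name)
    return msg


def mime_tree(msg: EmailMessage) -> List[str]:
    """Content types in walk order, to eyeball the structure before sending."""
    return [part.get_content_type() for part in msg.walk()]


if __name__ == "__main__":
    first_mark = load_marks(MARKS_CSV)[0]
    message = build_message(first_mark, "it-support@example.org", "Action required",
                            attachment=b"%PDF-1.4 placeholder",
                            extra_headers={"X-Campaign": "q3-demo"})
    print("\n".join(mime_tree(message)))
    print(message.as_string())
```

Running it prints the MIME tree and the raw message. The logo travels inside the message as a multipart/related part, so rendering it triggers no external image fetch that a gateway or a careful recipient could notice, which is the point of the Embed Resources slide; the attachment is the part most likely to be scanned, which is the point of the Attachments slide.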
Deep Sea Operation: Mark Attribution
Content
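The Mark Attribution slides describe links that tie a click back to the mark who received the message. One way to build such links, as an added example that is not DeepSea's own code: a bare mark id in a URL can be edited or enumerated by anyone who sees it, so the token below carries an HMAC-SHA256 tag keyed per campaign, and only links this campaign issued attribute back to a mark. The key, campaign name, landing URL and query-parameter name are constructed assumptions.

```python
"""Attributable links: bind each URL to a (campaign, mark) pair with an HMAC tag.

Added example, not DeepSea's own code. Key, campaign, landing URL and the
query parameter name are constructed assumptions.
"""
import base64
import hashlib
import hmac
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

TAG_LEN = 12  # bytes of the HMAC-SHA256 output kept in the link (96-bit tag)


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(key: bytes, campaign: str, mark_id: str) -> str:
    """'payload.tag', both URL-safe base64; tag = HMAC(key, payload)[:TAG_LEN]."""
    payload = f"{campaign}:{mark_id}".encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return f"{_b64e(payload)}.{_b64e(tag)}"


def verify_token(key: bytes, token: str) -> Optional[Tuple[str, str]]:
    """Return (campaign, mark_id) if the tag verifies, otherwise None."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except ValueError:          # wrong shape or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    campaign, _, mark_id = payload.decode("utf-8").partition(":")
    return campaign, mark_id


def attribution_link(base_url: str, key: bytes, campaign: str, mark_id: str,
                     param: str = "r") -> str:
    """Landing-page URL carrying the mark's token in one query parameter."""
    return f"{base_url}?{urlencode({param: make_token(key, campaign, mark_id)})}"


def attribute_click(url: str, key: bytes, param: str = "r") -> Optional[Tuple[str, str]]:
    """Landing-server side: map a requested URL back to (campaign, mark_id), or None."""
    token = parse_qs(urlparse(url).query).get(param, [None])[0]
    return verify_token(key, token) if token else None


if __name__ == "__main__":
    key = b"constructed-campaign-key"
    link = attribution_link("https://landing.example.org/login", key, "q3-demo", "1001")
    print(link)
    print(attribute_click(link, key), attribute_click(link + "x", key))
```

Use a separate key per campaign so tokens from one campaign never attribute into another, and remember that mail gateways' URL scanners will fetch these links before any human does: a request with a valid token is evidence that the message was delivered, not yet that the mark clicked, so record source address, user agent and timing alongside the attribution before counting it as an interaction.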
Deep Sea Operation: MX Rebinding
Phase I
1. Internal DeepSea deploys phish
2. Internal mark intends to respond
3. Internal mark's infra looks up the external adversarial domain's MX/SPF records
Phase II
1. MX rebinds: the adversarial domain's MX record now resolves to the phisher's address on the corporate network, so the mark's mail infrastructure opens its SMTP connection there
2. Internal mail client sends email to the DeepSea server
3. DeepSea accepts SMTP and carries on the thread
Deep Sea Operation: MX Rebinding
Reply to us. We ❤ our customers
Deep Sea Operation: MX Rebinding. Mail
MX lookup to LAN IP
SPF send from LAN IP
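A defender-side check for the MX rebinding flow on the slides above, as an added example that is not DeepSea code. The rebound lure domain needs two things that a legitimate external sender never has: an MX host that resolves into the corporate LAN, and an SPF record that authorizes mail from a LAN address (the "SPF send from LAN IP" step). The audit below flags both. The resolver answers are a constructed in-memory table so the code runs offline; a real deployment would feed it from dig or a DNS library, and the domain names and addresses are assumptions.

```python
"""Flag external sender domains whose MX or SPF points into internal address space.

Added example, not DeepSea code. The DNS answers below are a constructed table
standing in for a real resolver; domain names and addresses are assumptions.
"""
import ipaddress
from typing import Dict, List

DnsTable = Dict[str, Dict[str, List[str]]]

# Constructed answers. partner-example.net is an ordinary external domain;
# lure-example.net has its MX and SPF rebound into the corporate LAN.
SAMPLE_DNS: DnsTable = {
    "partner-example.net": {
        "MX": ["10 mx1.partner-example.net."],
        "TXT": ["v=spf1 ip4:203.0.113.0/24 mx -all"],
    },
    "mx1.partner-example.net.": {"A": ["203.0.113.25"]},
    "lure-example.net": {
        "MX": ["10 mail.lure-example.net."],
        "TXT": ["v=spf1 ip4:10.20.30.40 mx -all"],
    },
    "mail.lure-example.net.": {"A": ["10.20.30.40"]},
}

# Ranges that have no business behind the MX of a domain outside the perimeter.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 loopback, ULA, link-local
)]


def is_internal(addr_or_cidr: str) -> bool:
    """True if the address or prefix lies entirely inside an internal range."""
    net = ipaddress.ip_network(addr_or_cidr, strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in INTERNAL_RANGES)


def spf_networks(txt_records: List[str]) -> List[str]:
    """ip4:/ip6: mechanisms from an SPF record; include:/a/mx terms are not expanded."""
    nets = []
    for record in txt_records:
        if not record.lower().startswith("v=spf1"):
            continue
        for term in record.split()[1:]:
            term = term.lstrip("+-~?")                   # drop the qualifier
            if term.startswith(("ip4:", "ip6:")):
                nets.append(term.split(":", 1)[1])
    return nets


def mx_hosts(mx_records: List[str]) -> List[str]:
    """MX target hosts ordered by preference (lowest first)."""
    parsed = [(int(pref), host) for pref, host in (r.split() for r in mx_records)]
    return [host for _, host in sorted(parsed)]


def audit_domain(domain: str, dns: DnsTable) -> List[str]:
    """Findings for one sender domain; an empty list means nothing suspicious."""
    findings = []
    zone = dns.get(domain, {})
    for host in mx_hosts(zone.get("MX", [])):
        target = dns.get(host, {})
        for addr in target.get("A", []) + target.get("AAAA", []):
            if is_internal(addr):
                findings.append(f"MX {host} for {domain} resolves to internal address {addr}")
    for net in spf_networks(zone.get("TXT", [])):
        if is_internal(net):
            findings.append(f"SPF for {domain} authorizes internal range {net}")
    return findings


if __name__ == "__main__":
    for name in ("partner-example.net", "lure-example.net"):
        print(name, audit_domain(name, SAMPLE_DNS) or ["clean"])
```

Because the lure's SPF record deliberately lists the LAN address, the gateway's own SPF check passes and DMARC sees nothing wrong; the signal is the mismatch between "external domain" and "internal address", which is what this check looks for. A resolver that refuses answers in private ranges for external names (the same control used against DNS rebinding in browsers) closes the hole at the network layer.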
Summary
• Operate with a minimal footprint deep inside enterprises (Internal phish delivery).
• Seamlessly operate with external and internal mail providers
(e.g. O365, Gmail, on-premise mail servers)
• Quickly re-target connectivity parameters.
• Flexibly add headers, targets, attachments.
• Correctly format and inline email templates, images and multipart messages.
• Use content templates for personalization.
• Account for various secure email communication parameters.
• Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
• Help create content with minimal dependencies.
• Embedded tools to support Markdown->HTML->TXT workflow.
• Concise configuration.
Deep Sea: Code
https://github.com/dsnezhkov/deepsea
Q&A?
Thanks!
Deep Sea Phishing Gear

More Related Content

What's hot

Rutgers - Communicator Pro M Media
Rutgers - Communicator Pro M MediaRutgers - Communicator Pro M Media
Rutgers - Communicator Pro M MediaMichael Dobe, Ph.D.
 
HTTP/2 for Developers
HTTP/2 for DevelopersHTTP/2 for Developers
HTTP/2 for DevelopersSvetlin Nakov
 
Debugging with Fiddler
Debugging with FiddlerDebugging with Fiddler
Debugging with FiddlerIdo Flatow
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddlerZhi Zhong
 
What's New in HTTP/2
What's New in HTTP/2What's New in HTTP/2
What's New in HTTP/2NGINX, Inc.
 
HTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesHTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesBrent Shaffer
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
Side-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and DefensesSide-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and DefensesTom Van Goethem
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsGabriella Davis
 
INFT132 093 03 Web Concepts
INFT132 093 03 Web ConceptsINFT132 093 03 Web Concepts
INFT132 093 03 Web ConceptsMichael Rees
 
HTTP/2: What no one is telling you
HTTP/2: What no one is telling youHTTP/2: What no one is telling you
HTTP/2: What no one is telling youFastly
 
Http/2 - What's it all about?
Http/2  - What's it all about?Http/2  - What's it all about?
Http/2 - What's it all about?Andy Davies
 
Php 5 Power Programming
Php 5 Power ProgrammingPhp 5 Power Programming
Php 5 Power Programmingkansas
 
Covert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache HeadersCovert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache HeadersDenis Kolegov
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2Ido Flatow
 
Web Hosting Starter Guide
Web Hosting Starter GuideWeb Hosting Starter Guide
Web Hosting Starter Guidewebhostingguy
 
Improving performance by changing the rules from fast to SPDY
Improving performance by changing the rules   from fast to SPDYImproving performance by changing the rules   from fast to SPDY
Improving performance by changing the rules from fast to SPDYCotendo
 
ZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchorZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchorMichele Orru
 

What's hot (20)

Rutgers - Communicator Pro M Media
Rutgers - Communicator Pro M MediaRutgers - Communicator Pro M Media
Rutgers - Communicator Pro M Media
 
HTTP/2 for Developers
HTTP/2 for DevelopersHTTP/2 for Developers
HTTP/2 for Developers
 
Debugging with Fiddler
Debugging with FiddlerDebugging with Fiddler
Debugging with Fiddler
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddler
 
What's New in HTTP/2
What's New in HTTP/2What's New in HTTP/2
What's New in HTTP/2
 
HTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesHTTP - The Protocol of Our Lives
HTTP - The Protocol of Our Lives
 
Http2
Http2Http2
Http2
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Side-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and DefensesSide-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and Defenses
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
INFT132 093 03 Web Concepts
INFT132 093 03 Web ConceptsINFT132 093 03 Web Concepts
INFT132 093 03 Web Concepts
 
HTTP/2: What no one is telling you
HTTP/2: What no one is telling youHTTP/2: What no one is telling you
HTTP/2: What no one is telling you
 
Http/2 - What's it all about?
Http/2  - What's it all about?Http/2  - What's it all about?
Http/2 - What's it all about?
 
Php 5 Power Programming
Php 5 Power ProgrammingPhp 5 Power Programming
Php 5 Power Programming
 
Http2 right now
Http2 right nowHttp2 right now
Http2 right now
 
Covert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache HeadersCovert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache Headers
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Web Hosting Starter Guide
Web Hosting Starter GuideWeb Hosting Starter Guide
Web Hosting Starter Guide
 
Improving performance by changing the rules from fast to SPDY
Improving performance by changing the rules   from fast to SPDYImproving performance by changing the rules   from fast to SPDY
Improving performance by changing the rules from fast to SPDY
 
ZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchorZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchor
 

Similar to Deep Sea Phishing Gear

Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...HostedbyConfluent
 
Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020Matt Raible
 
Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20Matt Raible
 
Str02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsightsStr02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsightspanagenda
 
Security Patterns for Microservice Architectures
Security Patterns for Microservice ArchitecturesSecurity Patterns for Microservice Architectures
Security Patterns for Microservice ArchitecturesVMware Tanzu
 
Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020Matt Raible
 
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020Databricks
 
Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2shyaminfo40
 
An AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQLAn AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQLMaris Elsins
 
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...Dave Delay
 
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019Rebekka Aalbers-de Jong
 
An architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbencyAn architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbencyMichael Elder
 
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...Dr. Haxel Consult
 
How to reduce mailbox size and protect email data
How to reduce mailbox size and protect email dataHow to reduce mailbox size and protect email data
How to reduce mailbox size and protect email dataMithi SkyConnect
 
Tran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris DevTran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris DevĐức Hítle
 
Revit MEP learning Series
Revit MEP learning Series Revit MEP learning Series
Revit MEP learning Series michaeljmack
 
Dropbox - Architecture and Business Prospective
Dropbox - Architecture and Business ProspectiveDropbox - Architecture and Business Prospective
Dropbox - Architecture and Business ProspectiveChiara Cilardo
 

Similar to Deep Sea Phishing Gear (20)

Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
 
Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020
 
Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20
 
Str02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsightsStr02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsights
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Security Patterns for Microservice Architectures
Security Patterns for Microservice ArchitecturesSecurity Patterns for Microservice Architectures
Security Patterns for Microservice Architectures
 
Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020
 
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
 
Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2
 
An AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQLAn AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQL
 
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
 
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
 
Javascript mvc
Javascript mvcJavascript mvc
Javascript mvc
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
An architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbencyAn architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbency
 
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
 
How to reduce mailbox size and protect email data
How to reduce mailbox size and protect email dataHow to reduce mailbox size and protect email data
How to reduce mailbox size and protect email data
 
Tran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris DevTran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris Dev
 
Revit MEP learning Series
Revit MEP learning Series Revit MEP learning Series
Revit MEP learning Series
 
Dropbox - Architecture and Business Prospective
Dropbox - Architecture and Business ProspectiveDropbox - Architecture and Business Prospective
Dropbox - Architecture and Business Prospective
 

More from Dimitry Snezhkov

BH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdfBH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdfDimitry Snezhkov
 
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware OperationsRacketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware OperationsDimitry Snezhkov
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsYour House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsDimitry Snezhkov
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitDimitry Snezhkov
 
Foxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload DeliveryFoxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload DeliveryDimitry Snezhkov
 
LST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, TouchLST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, TouchDimitry Snezhkov
 

More from Dimitry Snezhkov (6)

BH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdfBH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdf
 
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware OperationsRacketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsYour House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
 
Foxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload DeliveryFoxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload Delivery
 
LST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, TouchLST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, Touch
 

Recently uploaded

buds n tech IT solutions
buds n  tech IT                solutionsbuds n  tech IT                solutions
buds n tech IT solutionsmonugehlot87
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningVitsRangannavar
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?Watsoo Telematics
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 

Recently uploaded (20)

buds n tech IT solutions
buds n  tech IT                solutionsbuds n  tech IT                solutions
buds n tech IT solutions
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
cybersecurity notes for mca students for learning
cybersecurity notes for mca students for learningcybersecurity notes for mca students for learning
cybersecurity notes for mca students for learning
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?What are the features of Vehicle Tracking System?
What are the features of Vehicle Tracking System?
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 

Deep Sea Phishing Gear

  • 1. Deep Sea Phishing Gear Dimitry Snezhkov
  • 2. $who -m 9/25/2020 2 D.Snezhkov – Red Team Oper @ XFR The feeling is mutual We !admins
  • 3. Deep Sea Phishing Gear 9/25/2020 3 “Aims to help red team operators and pentesters with the delivery of portable, OpSec-tight, flexible email phishing campaigns carried out on the outside and on the inside of a perimeter.” Ok, I have like 10 phishing tools already …
  • 4. 9/25/2020 4 Why another tool? • Increased Portability • Operational Security • Extensibility and Flexibility • Minimized Dependency footprint • Adaptability to harsh environments • Quick campaign retooling • Ability to mimic and augment existing email templates • Burning desire to keep a mark on the the hook for longer J
  • 5. 9/25/2020 5 Anatomy of a phish ü Flexibly add headers, targets, attachments. ü Correctly format and inline email templates, images and multipart messages. ü Use content templates for personalization. ü Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
  • 6. 9/25/2020 6 Anatomy of a phish ü Help create content with minimal dependencies. ü Embedded tools to support Markdown->HTML->TXT workflow. ü Attribution Linking ü Concise configuration.
  • 7. 9/25/2020 7 Anatomy of a phish Accommodate Classic External Phishing Delivery
  • 8. 9/25/2020 8 Anatomy of a phish Accommodate Internal Phishing Delivery Not so classic
  • 9. 9/25/2020 9 Anatomy of a phish ü Operate with a minimal footprint deep inside enterprises ü Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-premise mail servers) ü Quickly re-target connectivity parameters. ü Account for various email communication parameters.
  • 10. 9/25/2020 10 Deep Sea: You want a MIME receipt too?
  • 12. 9/25/2020 12 Deep Sea Operation 1. Use Deep Sea 2. How to construct and process content? 3. How to leverage existing email templates? 4. How to embed resources in the email? 5. How to inline content? 6. How to multipart content? 7. How to connect to an external service provider or relay? 8. How to connect to an internal service provider or relay? 9. How to attach payloads? 10. How to send email? 11. How to use dynamic content? 12. How to construct attributable links? 13. How to capture and maintain threaded conversations? 14. How to run multiple campaigns? Ok, you get it...
  • 13. 9/25/2020 13 Deep Sea Operation Suit up. Going down
  • 14. 9/25/2020 14 Usage Option 1: Command line driver Option 2: Configuration file
  • 15. 9/25/2020 15 Deep Sea Configuration config.yml • YAML • Sections • Annotated • Examples All directives optional Mail Client
  • 16. 9/25/2020 16 Deep Sea Configuration Message Content
  • 17. 9/25/2020 17 Deep Sea Configuration Templates
  • 18. 9/25/2020 18 Deep Sea Configuration Backend
  • 19. 9/25/2020 19 Deep Sea Configuration Content Processing
  • 20. 9/25/2020 20 Deep Sea Configuration marks.csv • CSV • 1 Record per line
  • 21. 9/25/2020 21 Deep Sea Operation: Dynamic Marks Marks Content Template
  • 22. 9/25/2020 22 Deep Sea Operation: Infrastructure ü Provision backend DB (embedded) ü Import marks ü Queries, etc.
  • 23. 9/25/2020 23 Deep Sea Operation: Data Setup ü Inject dynamic template variables ü Inline email ü Multipart Email ü Send email
  • 24. 9/25/2020 24 Deep Sea Operation Email in the Inbox: Nice to meet you, Dan Lee!
  • 25. 9/25/2020 25 Deep Sea Operation: Markdown Content Shell
  • 26. 9/25/2020 26 Deep Sea Operation: Markdown Content
  • 27. 9/25/2020 27 Deep Sea Operation: Markdown ü Convert from MD to HTML Template ü Inject dynamic template variables ü Inline email (Style merge) ü Multipart Email ü Send email
  • 28. 9/25/2020 28 Deep Sea Operation: Markdown Email in the Inbox: Less HTML headache, more !
  • 29. 9/25/2020 29 Deep Sea Operation: Embed Resources Content Config.yml
  • 30. 9/25/2020 30 Deep Sea Operation: Embed Resources Email in the Inbox: Less External images, less detection, even more !
  • 31. 9/25/2020 31 Deep Sea Operation: Attachments Config.yml
  • 32. 9/25/2020 32 Deep Sea Operation: Attachments Email in the Inbox: Attached payload, more detection. Less !, more
  • 33. 9/25/2020 33 Deep Sea Operation: Mark Attribution Content
  • 34. 9/25/2020 34 Deep Sea Operation: Mark Attribution
  • 35. 9/25/2020 35 Deep Sea Operation: Mark Attribution
  • 36. 9/25/2020 36 Deep Sea Operation: MX Rebinding Phase I 1. Internal DeepSea deploys phish 2. Internal mark intends to respond 3. Internal mark’s infra looks up external adversarial domain MX/SPF record Phase II 1. MX rebinds SMTP server communication to an address of phisher on corporate network 2. Internal mail client sends email to DeepSea server 3. DeepSea accepts SMTP and carries on the thread
  • 37. 9/25/2020 37 Deep Sea Operation: MX Rebinding Reply to us. We ❤ our customers
  • 38. 9/25/2020 38 Deep Sea Operation: MX Rebinding (Mail flow diagram): MX lookup resolves to a LAN IP; SPF authorises sending from that LAN IP
  • 39. 9/25/2020 39 Summary • Operate with a minimal footprint deep inside enterprises (Internal phish delivery). • Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-premise mail servers) • Quickly re-target connectivity parameters. • Flexibly add headers, targets, attachments. • Correctly format and inline email templates, images and multipart messages. • Use content templates for personalization. • Account for various secure email communication parameters. • Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns. • Help create content with minimal dependencies. • Embedded tools to support Markdown->HTML->TXT workflow. • Concise configuration.
  • 40. 9/25/2020 40 Deep Sea: Code https://github.com/dsnezhkov/deepsea Q&A? Thanks!
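The MX rebinding on slides 36 through 38 leaves a footprint a mail team can test for: an external sender domain whose MX host resolves into, or whose SPF record authorises, corporate LAN address space. The check below is an added example written for this page, not code from the DeepSea project; the DNS answers are constructed inline to stand in for a resolver, and the `.example` domain names are placeholders.

```python
import ipaddress
import re

# Constructed stand-ins for resolver answers (no live DNS); names are placeholders.
MX_RECORDS = {
    "vendor.example": ["mail.vendor.example"],
    "lure.example": ["mx.lure.example"],
}
ADDRESS_RECORDS = {
    "mail.vendor.example": ["203.0.113.25"],   # ordinary public MX
    "mx.lure.example": ["10.20.30.40"],        # MX rebound into the corporate LAN
}
TXT_RECORDS = {
    "vendor.example": ["v=spf1 ip4:203.0.113.0/24 -all"],
    "lure.example": ["v=spf1 ip4:10.20.30.40 -all"],  # SPF authorising a LAN sender
}

# RFC 1918 and IPv6 ULA space: what "LAN IP" means for this check.
LAN_RANGES = [ipaddress.ip_network(c) for c in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]
SPF_IP_RE = re.compile(r"^[+?~-]?ip[46]:(.+)$")

def is_lan(ip_or_net):
    """True if an address or CIDR lies entirely inside a LAN range."""
    net = ipaddress.ip_network(str(ip_or_net), strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in LAN_RANGES)

def spf_networks(txt_records):
    """Pull ip4:/ip6: mechanisms out of SPF TXT records as network objects."""
    nets = []
    for txt in txt_records:
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            m = SPF_IP_RE.match(term)
            if m:
                nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def find_lan_mail_paths(domain, mx=MX_RECORDS, addr=ADDRESS_RECORDS, txt=TXT_RECORDS):
    """Findings for an external domain whose MX or SPF points into the LAN."""
    findings = []
    for host in mx.get(domain, []):
        for ip in addr.get(host, []):
            if is_lan(ip):
                findings.append(f"MX {host} resolves to LAN address {ip}")
    for net in spf_networks(txt.get(domain, [])):
        if is_lan(net):
            findings.append(f"SPF authorises LAN range {net}")
    return findings
```

Run against the sender domains of inbound mail that staff reply to; a hit means an outside domain has routed its mail into your own address space, which is exactly the condition the rebinding step relies on.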