Phishing Forensics
Frank Vianzon
GISP, GPEN, GCWN, ACE, CompTIA Network+, CompTIA A+
Principal Security Engineer
Instructor Red Rocks Community College
Board Member of OWASP
RRCC Cybersecurity Program recognized by NSA and Department of Homeland Security
What is being presented
• Types of Phishing
• Check your phish
• Basic analysis
• Advanced analysis
• Tracking analysis
• Browser Forensics
• How does phishing happen, and how not to contribute to it
Types of Phishing
• Deceptive Phishing
– e-mails claiming to come from recognized sources ask you to verify your account, re-enter your information or make a payment
• Spear Phishing
– customized attacks using the target’s name, position, company, etc.
• Dropbox Phishing
– e-mails claiming to come from Dropbox ask the user to click through to secure their account or download a shared document
• Google Docs
– an invitation to view a document on Google Docs ends at a page asking for your credentials
• CEO Fraud
– phishers use an e-mail address similar to that of an authority figure to request payments or data from others within the company
• Pharming
– hijack a website’s domain name (its DNS) and use it to redirect visitors to an imposter site
Basic Analysis
• Submit to PhishTank
• Run by OpenDNS
• API available
Advanced Analysis
Use a clean machine and a clean network!!!
• Boot from USB (but make sure your drive is encrypted)
• Factory image
• Clean network – a hot spot or other network that is not attributable to you or your organization
• Download Burp Suite and step through the site with its intercepting proxy
Review the header information
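Pulling the header apart is the step the speaker notes describe (walk the Received chain, then do DNS and ARIN lookups on what you find). The script below is an added example for this page, not the speaker's tooling. It parses a constructed header (RFC 5737 addresses and RFC 2606 `.example` domains, made up for illustration, not a real phish), reads the relay hops oldest-first, compares the From, Return-Path and Reply-To domains, reads Authentication-Results, and lists the IPs and domains worth a whois/ARIN pivot.

```python
"""Triage of a phishing e-mail header: relay chain, sender identities, auth results.

Added example for this page. The header below is constructed (RFC 5737 / RFC 2606
documentation addresses and domains), not a real phish.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample header. Received: lines are stacked newest-first, as each MTA prepends its own.
SAMPLE_HEADER = """\
Received: from mail.example.com (mail.example.com [192.0.2.10])
    by mx.victim.example (Postfix) with ESMTP id ABC123
    for <user@victim.example>; Mon, 6 Mar 2017 14:02:11 -0700 (MST)
Received: from [203.0.113.45] (unknown [203.0.113.45])
    by mail.example.com with ESMTPA; Mon, 6 Mar 2017 21:01:58 +0000
Authentication-Results: mx.victim.example; spf=fail smtp.mailfrom=bulk.example.net; dkim=none
Return-Path: <bounce@bulk.example.net>
Reply-To: <accounts@secure-login.example.org>
From: "Dropbox" <no-reply@dropbox.example>
To: user@victim.example
Subject: Action required: verify your account

"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_received(value):
    """Pull the claimed sending host, its IP and the receiving host out of one Received: header."""
    v = re.sub(r"\s+", " ", value).strip()
    m_from = re.search(r"\bfrom\s+(\S+)", v)
    m_by = re.search(r"\bby\s+(\S+)", v)
    ips = IPV4.findall(v)
    return {
        "from": m_from.group(1) if m_from else None,
        "ip": ips[0] if ips else None,  # first IP is the connecting peer as seen by the 'by' host
        "by": m_by.group(1) if m_by else None,
    }


def relay_chain(msg):
    """Each hop prepends its Received: header, so reverse them to read origin -> destination."""
    return [parse_received(v) for v in reversed(msg.get_all("Received", []))]


def domain_of(header_value):
    """Domain part of an address header, lower-cased; None if the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() or None


def sender_identities(msg):
    return {
        "from": domain_of(msg.get("From")),
        "return_path": domain_of(msg.get("Return-Path")),
        "reply_to": domain_of(msg.get("Reply-To")),
    }


def auth_results(msg):
    """{'spf': 'fail', 'dkim': 'none', ...} from Authentication-Results, lower-cased."""
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", ""), re.I)
    return {k.lower(): v.lower() for k, v in pairs}


def triage(raw_message):
    """Return the facts an analyst pivots on: origin IP, hop list, identities, auth and red flags."""
    msg = message_from_string(raw_message)
    chain = relay_chain(msg)
    ids = sender_identities(msg)
    auth = auth_results(msg)
    findings = []
    if ids["return_path"] and ids["return_path"] != ids["from"]:
        findings.append(f"Return-Path domain {ids['return_path']} != From domain {ids['from']}")
    if ids["reply_to"] and ids["reply_to"] != ids["from"]:
        findings.append(f"Reply-To domain {ids['reply_to']} != From domain {ids['from']}")
    if auth.get("spf") in {"fail", "softfail"}:
        findings.append(f"SPF {auth['spf']} for {ids['return_path']}")
    if auth.get("dkim", "none") == "none":
        findings.append("no DKIM signature")
    # Everything worth a whois / ARIN / DNS lookup, deduplicated.
    pivots = sorted({h["ip"] for h in chain if h["ip"]} | {d for d in ids.values() if d})
    return {
        "origin_ip": chain[0]["ip"] if chain else None,
        "chain": chain,
        "identities": ids,
        "auth": auth,
        "findings": findings,
        "pivots": pivots,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HEADER).items():
        print(f"{key}: {value}")
```

Only the Received: line written by your own mail server can be trusted; the hops below it were supplied by the sender and may be forged, which is why the origin IP should be confirmed against your MTA's log before it goes into ARIN.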
Find bad sites
• Alienvault
Maltego CaseFile
• Track your information to see relationships
Investigation of a pharming site
The captured data showed
• news.yahoo.com
– Associated Press
– ebola-diagnosed-in-second-dallas-nurse-105542930.html
• Directory traversal: ../../../..
• cd /etc/passwd
• put *.*
• SELECT statements
One gets through
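The capture above mixes one legitimate-looking request with traversal sequences, a grab at /etc/passwd, file uploads and SQL statements. The scanner below is an added example for this page, not code from the talk: it runs the same four checks over constructed Apache combined-format log lines (made up, RFC 5737 addresses; the article path is reused from the slide). It percent-decodes each path until stable so an encoded `%2e%2e%2f` is caught like a plain `../`, and treats HTTP PUT/DELETE as the web-log analogue of the captured `put *.*` (an assumption; the slide does not say which protocol the upload used).

```python
"""Scan web server access logs for the attack traffic the pharming capture showed:
directory traversal, reads of /etc/passwd, SQL statements in parameters, and write methods.

Added example for this page; the log lines below are constructed.
"""
import re
from urllib.parse import unquote

# Constructed Apache combined-format lines (RFC 5737 addresses). Not from the talk's capture.
SAMPLE_LOG = """\
203.0.113.45 - - [15/Oct/2014:17:22:01 -0600] "GET /news/ebola-diagnosed-in-second-dallas-nurse-105542930.html HTTP/1.1" 200 51234 "-" "Mozilla/5.0"
203.0.113.45 - - [15/Oct/2014:17:22:09 -0600] "GET /news/../../../../etc/passwd HTTP/1.1" 404 221 "-" "Mozilla/5.0"
203.0.113.45 - - [15/Oct/2014:17:22:14 -0600] "GET /news/%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 221 "-" "Mozilla/5.0"
203.0.113.45 - - [15/Oct/2014:17:22:31 -0600] "GET /story.php?id=1%20UNION%20SELECT%20user,password%20FROM%20users HTTP/1.1" 500 0 "-" "sqlmap/1.0"
203.0.113.45 - - [15/Oct/2014:17:23:02 -0600] "PUT /uploads/shell.php HTTP/1.1" 201 0 "-" "curl/7.35"
198.51.100.7 - - [15/Oct/2014:17:23:40 -0600] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Each rule is applied to the percent-decoded path so encoded and plain payloads match alike.
RULES = [
    ("traversal", re.compile(r"\.\.[/\\]")),
    ("sensitive_file", re.compile(r"/etc/(?:passwd|shadow)\b|\b(?:boot|win)\.ini\b", re.I)),
    ("sqli", re.compile(r"\b(?:union\s+(?:all\s+)?select|select\s+.+?\s+from|or\s+1\s*=\s*1)\b", re.I)),
]
WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY"}


def decode_path(path, rounds=3):
    """Percent-decode until stable so double-encoded %252e%252e collapses to '..' like a plain payload."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def classify(line):
    """Parse one log line; return its fields plus the list of rule names it tripped (empty if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = decode_path(rec["path"])
    rec["tags"] = [name for name, rx in RULES if rx.search(rec["decoded_path"])]
    if rec["method"] in WRITE_METHODS:
        rec["tags"].append("write_method")
    return rec


def scan(log_text):
    """Return (suspicious records, per-source-IP hit counts) for a block of log text."""
    hits = [r for r in (classify(l) for l in log_text.splitlines()) if r and r["tags"]]
    by_ip = {}
    for r in hits:
        by_ip[r["ip"]] = by_ip.get(r["ip"], 0) + 1
    return hits, by_ip


if __name__ == "__main__":
    hits, by_ip = scan(SAMPLE_LOG)
    for r in hits:
        print(r["ip"], r["ts"], r["method"], r["decoded_path"], r["tags"])
    print("hits per source:", by_ip)
```

The per-IP tally is what feeds the next slide: the one request that "gets through" usually comes from the same source as the dozen that did not, so the noisy failures are the lead to the successful one.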
Browser Forensics
The three major browsers
• Google Chrome
• Mozilla Firefox
• Internet Explorer and Edge
Google Chrome Analysis
• Hindsight by Obsidian Forensics
Win UFO
Hindsight is a Python script that is also distributed as an EXE with a GUI
• Run at the command line:
./hindsight.py -i "/users/frank/Library/Application Support/Google/Chrome/Default/" -o test_case
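Hindsight does the heavy lifting, but it helps to know what it is decoding. The script below is an added example for this page, not Hindsight's code: it builds a tiny in-memory copy of the two tables in Chrome's `History` SQLite file that matter most (`urls` and `visits`; the rows are constructed), converts Chrome's timestamps (microseconds since 1601-01-01 UTC, not the Unix epoch), decodes the transition type from the low byte of `visits.transition`, and follows `from_visit` backwards to show how the user got to the page where a form was submitted. On a real case, copy `History` out of the `Default/` profile directory the command above points at before opening it; Chrome holds a lock on it while running.

```python
"""Walk a Chrome History database by hand: timestamp conversion, visit timeline, referral chain.

Added example for this page, not Hindsight's code. A small in-memory copy of the
relevant schema is constructed instead of opening a real profile's History file.
"""
import sqlite3
from datetime import datetime, timedelta, timezone

# Chrome/WebKit time: microseconds since 1601-01-01 00:00:00 UTC, not the Unix epoch.
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Low byte of visits.transition is the core transition type; the high bits are qualifiers.
CORE_TRANSITION = {
    0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 3: "AUTO_SUBFRAME", 4: "MANUAL_SUBFRAME",
    5: "GENERATED", 6: "AUTO_TOPLEVEL", 7: "FORM_SUBMIT", 8: "RELOAD", 9: "KEYWORD",
    10: "KEYWORD_GENERATED",
}


def chrome_time_to_iso(microseconds):
    """Convert a Chrome timestamp to an ISO-8601 UTC string."""
    return (CHROME_EPOCH + timedelta(microseconds=microseconds)).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_sample_history():
    """Constructed in-memory History DB with the subset of Chrome's schema the queries below need."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT,
                           visit_count INTEGER, last_visit_time INTEGER);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER,
                             from_visit INTEGER, transition INTEGER);
    """)
    t0 = 13_000_000_000_000_000  # 2012-12-14T23:06:40Z
    con.executemany("INSERT INTO urls VALUES (?, ?, ?, ?, ?)", [
        (1, "https://webmail.victim.example/inbox", "Inbox", 5, t0),
        (2, "http://dropbox-secure-login.example.org/verify", "Dropbox - Sign in", 1, t0 + 12_000_000),
        (3, "http://dropbox-secure-login.example.org/verify/done.php", "Thank you", 1, t0 + 95_000_000),
    ])
    # 0x10000000 / 0x20000000 are the CHAIN_START / CHAIN_END qualifier bits.
    con.executemany("INSERT INTO visits VALUES (?, ?, ?, ?, ?)", [
        (1, 1, t0, 0, 0x30000001),               # TYPED: user opened webmail
        (2, 2, t0 + 12_000_000, 1, 0x30000000),  # LINK: clicked the phish link from the inbox
        (3, 3, t0 + 95_000_000, 2, 0x30000007),  # FORM_SUBMIT: credentials posted
    ])
    return con


def visit_timeline(con):
    """All visits in time order with decoded timestamps and transition types."""
    rows = con.execute("""
        SELECT v.id, v.visit_time, u.url, u.title, v.transition, v.from_visit
        FROM visits v JOIN urls u ON u.id = v.url
        ORDER BY v.visit_time
    """).fetchall()
    return [
        {
            "visit_id": vid,
            "time": chrome_time_to_iso(vt),
            "url": url,
            "title": title,
            "transition": CORE_TRANSITION.get(tr & 0xFF, f"UNKNOWN({tr & 0xFF})"),
            "from_visit": fv,
        }
        for vid, vt, url, title, tr, fv in rows
    ]


def referral_chain(timeline, visit_id):
    """Follow from_visit backwards: the page sequence that led the user to this visit."""
    by_id = {v["visit_id"]: v for v in timeline}
    urls = []
    while visit_id in by_id:
        urls.append(by_id[visit_id]["url"])
        visit_id = by_id[visit_id]["from_visit"]
    return list(reversed(urls))


if __name__ == "__main__":
    timeline = visit_timeline(build_sample_history())
    for v in timeline:
        print(v["time"], v["transition"], v["url"])
    print("path to the credential POST:", " -> ".join(referral_chain(timeline, 3)))
```

A `FORM_SUBMIT` transition on a look-alike domain reached by a `LINK` from webmail is the artifact that answers the speaker's question "what did the user do": it shows the click and the credential post, with times you can line up against the mail server log.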
Internet Explorer
• BrowsingHistoryView (NirSoft)
Don’t Contribute
Help stop phishing sites by checking your own network
• Secure the mail relays in your own network
• SMTP: make sure your servers do not act as open relays
Phishing Forensics - SnowFROC - Denver Chapter of OWASP

Editor's Notes

  1. Last presentation of the day – only thing standing between you and happy hour. You should have started drinking before the presentation – as my wife likes to tell me, I sound a lot better when she is drunk.
  2. Phishing is so prevalent they have created different types.
  3. That is the easy way of doing it, but you are here because you want to do it yourself. Hover over the link. Look at the header. Perform a recon on the site. Check DNS records – plug that into ARIN.
  4. Pull the header and then do DNS lookups against the domains and use ARIN.
  5. Used to use FreeMind or XMind to track information – visual thinker.
  6. User clicks on a link! We want to see what the user did.
  7. Make sure you quote it. Pull all kinds of info.
  8. Show spreadsheet.