Deep Sea Phishing Gear
Dimitry Snezhkov
$who -m
9/25/2020 2
D.Snezhkov – Red Team Oper @ XFR
The feeling is mutual
We !admins
Deep Sea Phishing Gear
“Aims to help red team operators and pentesters with the delivery of portable, OpSec-tight, flexible email phishing campaigns carried out on the outside and on the inside of a perimeter.”
Ok, I have like 10 phishing tools already …
Why another tool?
• Increased Portability
• Operational Security
• Extensibility and Flexibility
• Minimized Dependency footprint
• Adaptability to harsh environments
• Quick campaign retooling
• Ability to mimic and augment existing email templates
• Burning desire to keep a mark on the hook for longer :)
Anatomy of a phish
✓ Flexibly add headers, targets, attachments.
✓ Correctly format and inline email templates, images and multipart messages.
✓ Use content templates for personalization.
✓ Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
✓ Help create content with minimal dependencies.
✓ Embedded tools to support Markdown->HTML->TXT workflow.
✓ Attribution Linking
✓ Concise configuration.
Anatomy of a phish: Accommodate Classic External Phishing Delivery
Anatomy of a phish: Accommodate Internal Phishing Delivery. Not so classic :)
Anatomy of a phish
✓ Operate with a minimal footprint deep inside enterprises
✓ Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-premise mail servers)
✓ Quickly re-target connectivity parameters.
✓ Account for various email communication parameters.
Deep Sea: You want a MIME receipt too?
Deep Sea Operation
1. Use Deep Sea
2. How to construct and process content?
3. How to leverage existing email templates?
4. How to embed resources in the email?
5. How to inline content?
6. How to multipart content?
7. How to connect to an external service provider or relay?
8. How to connect to an internal service provider or relay?
9. How to attach payloads?
10. How to send email?
11. How to use dynamic content?
12. How to construct attributable links?
13. How to capture and maintain threaded conversations?
14. How to run multiple campaigns?
Ok, you get it...
Deep Sea Operation: Suit up. Going down
Usage
Option 1: Command line driver
Option 2: Configuration file
Deep Sea Configuration: config.yml
• YAML
• Sections
• Annotated
• Examples
All directives optional.
Sections: Mail Client, Message Content, Templates, Backend, Content Processing.
Deep Sea Configuration: marks.csv
• CSV
• 1 record per line
Deep Sea Operation: Dynamic Marks
(screenshots: Marks, Content Template)
Deep Sea Operation: Infrastructure
✓ Provision backend DB (embedded)
✓ Import marks
✓ Queries, etc.
Deep Sea Operation: Data Setup
✓ Inject dynamic template variables
✓ Inline email
✓ Multipart Email
✓ Send email
Deep Sea Operation
Email in the Inbox: Nice to meet you, Dan Lee!
Deep Sea Operation: Markdown
(screenshots: Content, Shell)
✓ Convert from MD to HTML Template
✓ Inject dynamic template variables
✓ Inline email (Style merge)
✓ Multipart Email
✓ Send email
Email in the Inbox: Less HTML headache, more !
Deep Sea Operation: Embed Resources
(screenshots: Content, Config.yml)
Email in the Inbox: Less External images, less detection, even more !
Deep Sea Operation: Attachments
(screenshot: Config.yml)
Email in the Inbox: Attached payload, more detection. Less !, more
Deep Sea Operation: Mark Attribution
(screenshot: Content)
Deep Sea Operation: MX Rebinding
Phase I
1. Internal DeepSea deploys phish
2. Internal mark intends to respond
3. Internal mark’s infra looks up external adversarial domain MX/SPF record
Phase II
1. MX rebinds SMTP server communication to an address of phisher on corporate network
2. Internal mail client sends email to DeepSea server
3. DeepSea accepts SMTP and carries on the thread
Reply to us. We ❤ our customers
Deep Sea Operation: MX Rebinding. Mail
(diagram: MX lookup resolves to a LAN IP; SPF permits sending from that LAN IP)
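The MX rebinding flow above only works because an external domain's MX host (or an SPF mechanism) resolves to an address inside the corporate network, which is something a mail gateway or DNS log review can check for. The following Python script is an added example for that check; it is not DeepSea code and does not appear in the slides. It audits a set of DNS answers and reports MX targets whose A/AAAA records fall in RFC 1918, loopback or link-local space, and SPF ip4/ip6/a/mx/include terms that cover such space. All domain names, addresses and DNS answers are constructed inline so that it runs offline; in a real deployment `lookup` would be backed by a resolver (dnspython, for instance) and run against the sender domains seen in outbound mail logs.

```python
"""Audit external domains for MX/SPF records that point into internal address space.

Added example (not DeepSea code). DNS answers below are constructed, not real.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample DNS answers: name -> record type -> records.
# "vendor-portal.example" models the rebinding case; "legit-partner.example" is clean.
SAMPLE_DNS: Dict[str, Dict[str, List[str]]] = {
    "vendor-portal.example": {
        "MX": ["10 mail.vendor-portal.example"],
        "TXT": ["v=spf1 ip4:10.20.30.40 include:_spf.vendor-portal.example -all"],
    },
    "mail.vendor-portal.example": {"A": ["10.20.30.40"]},
    "_spf.vendor-portal.example": {"TXT": ["v=spf1 ip4:192.0.2.10 -all"]},
    "legit-partner.example": {
        "MX": ["10 mx1.legit-partner.example", "20 mx2.legit-partner.example"],
        "TXT": ["v=spf1 ip4:198.51.100.0/24 -all"],
    },
    "mx1.legit-partner.example": {"A": ["198.51.100.5"]},
    "mx2.legit-partner.example": {"A": ["198.51.100.6"]},
}

# Address space that should never appear in an external domain's mail routing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",      # loopback, link-local, "this" net
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 loopback, ULA, link-local
)]

# qualifier? mechanism [:argument] [/prefix-length]
SPF_MECH = re.compile(r"^[+\-~?]?(ip4|ip6|include|a|mx)(?::([^/]+))?(?:/(\d+))?$")


def lookup(name: str, rtype: str, dns=SAMPLE_DNS) -> List[str]:
    """Return records of one type for a name (stand-in for a real resolver)."""
    return dns.get(name.rstrip("."), {}).get(rtype, [])


def is_internal(cidr: str) -> bool:
    """True if an address or CIDR overlaps any internal network (0.0.0.0/0 counts too)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == n.version and net.overlaps(n) for n in INTERNAL_NETS)


def mx_internal_hits(domain: str, dns=SAMPLE_DNS) -> List[str]:
    """Flag MX hosts of `domain` that resolve to internal addresses."""
    hits = []
    for rr in lookup(domain, "MX", dns):
        host = rr.split()[-1]                      # "10 mail.example" -> "mail.example"
        for ip in lookup(host, "A", dns) + lookup(host, "AAAA", dns):
            if is_internal(ip):
                hits.append(f"{domain}: mx {host} -> {ip}")
    return hits


def spf_internal_hits(domain: str, dns=SAMPLE_DNS, depth: int = 0) -> List[str]:
    """Flag SPF terms of `domain` that authorize internal addresses (follows include:)."""
    hits: List[str] = []
    if depth > 5:                                  # mirror SPF's lookup limit, avoid loops
        return hits
    for txt in lookup(domain, "TXT", dns):
        if not txt.startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            m = SPF_MECH.match(term)
            if not m:                              # "all", "exists:", "redirect=" etc. skipped
                continue
            mech, arg, plen = m.groups()
            if mech in ("ip4", "ip6"):
                cidr = arg + (f"/{plen}" if plen else "")
                if is_internal(cidr):
                    hits.append(f"{domain}: spf {mech}:{cidr}")
            elif mech == "include":
                hits.extend(spf_internal_hits(arg, dns, depth + 1))
            else:                                  # "a" / "mx", optionally with a host
                host = arg or domain
                names = [host] if mech == "a" else [r.split()[-1] for r in lookup(host, "MX", dns)]
                for n in names:
                    for ip in lookup(n, "A", dns) + lookup(n, "AAAA", dns):
                        if is_internal(ip):
                            hits.append(f"{domain}: spf {mech} -> {n} -> {ip}")
    return hits


def audit(domain: str, dns=SAMPLE_DNS) -> List[str]:
    """All findings for one domain; an empty list means nothing points inward."""
    return mx_internal_hits(domain, dns) + spf_internal_hits(domain, dns)


if __name__ == "__main__":
    for d in ("vendor-portal.example", "legit-partner.example"):
        findings = audit(d)
        print(f"{d}: {'CLEAN' if not findings else ''}")
        for f in findings:
            print("  ALERT", f)
```

The check is deliberately narrow: it reads exactly the records the rebinding relies on and uses an explicit list of internal ranges rather than `ipaddress`'s `is_private`, which would also flag documentation ranges such as 198.51.100.0/24 and produce noise. Running it on every sender domain seen in a day of outbound mail, or on the MX of any domain a user replied to, turns the Phase I lookup in the slides into a detection opportunity.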
Summary
• Operate with a minimal footprint deep inside enterprises (Internal phish delivery).
• Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-premise mail servers)
• Quickly re-target connectivity parameters.
• Flexibly add headers, targets, attachments.
• Correctly format and inline email templates, images and multipart messages.
• Use content templates for personalization.
• Account for various secure email communication parameters.
• Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns.
• Help create content with minimal dependencies.
• Embedded tools to support Markdown->HTML->TXT workflow.
• Concise configuration.
Deep Sea: Code
https://github.com/dsnezhkov/deepsea
Q&A?
Thanks!
Deep Sea Phishing Gear

More Related Content

What's hot

Rutgers - Communicator Pro M Media
Rutgers - Communicator Pro M MediaRutgers - Communicator Pro M Media
Rutgers - Communicator Pro M MediaMichael Dobe, Ph.D.
 
HTTP/2 for Developers
HTTP/2 for DevelopersHTTP/2 for Developers
HTTP/2 for Developers
Svetlin Nakov
 
Debugging with Fiddler
Debugging with FiddlerDebugging with Fiddler
Debugging with Fiddler
Ido Flatow
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddlerZhi Zhong
 
What's New in HTTP/2
What's New in HTTP/2What's New in HTTP/2
What's New in HTTP/2
NGINX, Inc.
 
HTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesHTTP - The Protocol of Our Lives
HTTP - The Protocol of Our Lives
Brent Shaffer
 
Http2
Http2Http2
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
Ido Flatow
 
Side-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and DefensesSide-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and Defenses
Tom Van Goethem
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
INFT132 093 03 Web Concepts
INFT132 093 03 Web ConceptsINFT132 093 03 Web Concepts
INFT132 093 03 Web Concepts
Michael Rees
 
HTTP/2: What no one is telling you
HTTP/2: What no one is telling youHTTP/2: What no one is telling you
HTTP/2: What no one is telling you
Fastly
 
Http/2 - What's it all about?
Http/2  - What's it all about?Http/2  - What's it all about?
Http/2 - What's it all about?Andy Davies
 
Php 5 Power Programming
Php 5 Power ProgrammingPhp 5 Power Programming
Php 5 Power Programmingkansas
 
Http2 right now
Http2 right nowHttp2 right now
Http2 right now
Daniel Stenberg
 
Covert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache HeadersCovert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache Headers
Denis Kolegov
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
Ido Flatow
 
Web Hosting Starter Guide
Web Hosting Starter GuideWeb Hosting Starter Guide
Web Hosting Starter Guidewebhostingguy
 
Improving performance by changing the rules from fast to SPDY
Improving performance by changing the rules   from fast to SPDYImproving performance by changing the rules   from fast to SPDY
Improving performance by changing the rules from fast to SPDY
Cotendo
 
ZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchorZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchor
Michele Orru
 

What's hot (20)

Rutgers - Communicator Pro M Media
Rutgers - Communicator Pro M MediaRutgers - Communicator Pro M Media
Rutgers - Communicator Pro M Media
 
HTTP/2 for Developers
HTTP/2 for DevelopersHTTP/2 for Developers
HTTP/2 for Developers
 
Debugging with Fiddler
Debugging with FiddlerDebugging with Fiddler
Debugging with Fiddler
 
Getting started with fiddler
Getting started with fiddlerGetting started with fiddler
Getting started with fiddler
 
What's New in HTTP/2
What's New in HTTP/2What's New in HTTP/2
What's New in HTTP/2
 
HTTP - The Protocol of Our Lives
HTTP - The Protocol of Our LivesHTTP - The Protocol of Our Lives
HTTP - The Protocol of Our Lives
 
Http2
Http2Http2
Http2
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Side-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and DefensesSide-Channels on the Web: Attacks and Defenses
Side-Channels on the Web: Attacks and Defenses
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
INFT132 093 03 Web Concepts
INFT132 093 03 Web ConceptsINFT132 093 03 Web Concepts
INFT132 093 03 Web Concepts
 
HTTP/2: What no one is telling you
HTTP/2: What no one is telling youHTTP/2: What no one is telling you
HTTP/2: What no one is telling you
 
Http/2 - What's it all about?
Http/2  - What's it all about?Http/2  - What's it all about?
Http/2 - What's it all about?
 
Php 5 Power Programming
Php 5 Power ProgrammingPhp 5 Power Programming
Php 5 Power Programming
 
Http2 right now
Http2 right nowHttp2 right now
Http2 right now
 
Covert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache HeadersCovert Timing Channels using HTTP Cache Headers
Covert Timing Channels using HTTP Cache Headers
 
Introduction to HTTP/2
Introduction to HTTP/2Introduction to HTTP/2
Introduction to HTTP/2
 
Web Hosting Starter Guide
Web Hosting Starter GuideWeb Hosting Starter Guide
Web Hosting Starter Guide
 
Improving performance by changing the rules from fast to SPDY
Improving performance by changing the rules   from fast to SPDYImproving performance by changing the rules   from fast to SPDY
Improving performance by changing the rules from fast to SPDY
 
ZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchorZeroNights2012_BeEF_Workshop_antisnatchor
ZeroNights2012_BeEF_Workshop_antisnatchor
 

Similar to Deep Sea Phishing Gear

Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
HostedbyConfluent
 
Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020
Matt Raible
 
Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20
Matt Raible
 
Str02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsightsStr02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsights
panagenda
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
Khushboo Wadhwani
 
Security Patterns for Microservice Architectures
Security Patterns for Microservice ArchitecturesSecurity Patterns for Microservice Architectures
Security Patterns for Microservice Architectures
VMware Tanzu
 
Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020
Matt Raible
 
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Databricks
 
Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2
shyaminfo40
 
An AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQLAn AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQL
Maris Elsins
 
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
Dave Delay
 
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
Rebekka Aalbers-de Jong
 
Javascript mvc
Javascript mvcJavascript mvc
Javascript mvc
felix_bruno
 
An architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbencyAn architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbency
Michael Elder
 
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
Dr. Haxel Consult
 
How to reduce mailbox size and protect email data
How to reduce mailbox size and protect email dataHow to reduce mailbox size and protect email data
How to reduce mailbox size and protect email data
Mithi SkyConnect
 
Tran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris DevTran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris Dev
Đức Hítle
 
Revit MEP learning Series
Revit MEP learning Series Revit MEP learning Series
Revit MEP learning Series
michaeljmack
 
Dropbox - Architecture and Business Prospective
Dropbox - Architecture and Business ProspectiveDropbox - Architecture and Business Prospective
Dropbox - Architecture and Business Prospective
Chiara Cilardo
 

Similar to Deep Sea Phishing Gear (20)

Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
Implementing a Data Mesh with Apache Kafka with Adam Bellemare | Kafka Summit...
 
Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020Security Patterns for Microservice Architectures - London Java Community 2020
Security Patterns for Microservice Architectures - London Java Community 2020
 
Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20Security Patterns for Microservice Architectures - Oktane20
Security Patterns for Microservice Architectures - Oktane20
 
Str02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsightsStr02. IBM Application Modernization with panagenda ApplicationInsights
Str02. IBM Application Modernization with panagenda ApplicationInsights
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Security Patterns for Microservice Architectures
Security Patterns for Microservice ArchitecturesSecurity Patterns for Microservice Architectures
Security Patterns for Microservice Architectures
 
Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020Security Patterns for Microservice Architectures - SpringOne 2020
Security Patterns for Microservice Architectures - SpringOne 2020
 
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
Building a Streaming Microservices Architecture - Data + AI Summit EU 2020
 
Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2Strayer cis 408 week 6 assignment 2
Strayer cis 408 week 6 assignment 2
 
An AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQLAn AWS DMS Replication Journey from Oracle to Aurora MySQL
An AWS DMS Replication Journey from Oracle to Aurora MySQL
 
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
IBM Connect 2014 - AD205: Creating State-of-the-Art Web Applications with Dom...
 
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019App in an hour  HandsOn session - Power Platform World Tour Copenhagen 2019
App in an hour HandsOn session - Power Platform World Tour Copenhagen 2019
 
Javascript mvc
Javascript mvcJavascript mvc
Javascript mvc
 
Final Presentation
Final PresentationFinal Presentation
Final Presentation
 
An architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbencyAn architect’s guide to leveraging your incumbency
An architect’s guide to leveraging your incumbency
 
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
IC-SDV 2019: Distributing AI to the Amazon Cloud - Klaus Kater (Deep SEARCH 9...
 
How to reduce mailbox size and protect email data
How to reduce mailbox size and protect email dataHow to reduce mailbox size and protect email data
How to reduce mailbox size and protect email data
 
Tran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris DevTran Minh Duc - Certified Hybris Dev
Tran Minh Duc - Certified Hybris Dev
 
Revit MEP learning Series
Revit MEP learning Series Revit MEP learning Series
Revit MEP learning Series
 
Dropbox - Architecture and Business Prospective
Dropbox - Architecture and Business ProspectiveDropbox - Architecture and Business Prospective
Dropbox - Architecture and Business Prospective
 

More from Dimitry Snezhkov

BH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdfBH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdf
Dimitry Snezhkov
 
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware OperationsRacketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
Dimitry Snezhkov
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsYour House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Dimitry Snezhkov
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
Dimitry Snezhkov
 
Foxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload DeliveryFoxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload Delivery
Dimitry Snezhkov
 
LST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, TouchLST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, Touch
Dimitry Snezhkov
 

More from Dimitry Snezhkov (6)

BH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdfBH-ElfPack-Presentation.pdf
BH-ElfPack-Presentation.pdf
 
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware OperationsRacketeer Toolkit. Prototyping Controlled Ransomware Operations
Racketeer Toolkit. Prototyping Controlled Ransomware Operations
 
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial OperationsYour House is My House: Use of Offensive Enclaves In Adversarial Operations
Your House is My House: Use of Offensive Enclaves In Adversarial Operations
 
Typhoon Managed Execution Toolkit
Typhoon Managed Execution ToolkitTyphoon Managed Execution Toolkit
Typhoon Managed Execution Toolkit
 
Foxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload DeliveryFoxtrot C2: Forced Payload Delivery
Foxtrot C2: Forced Payload Delivery
 
LST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, TouchLST Toolkit: Exfiltration Over Sound, Light, Touch
LST Toolkit: Exfiltration Over Sound, Light, Touch
 

Recently uploaded

Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
Globus
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
Globus
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Globus
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Enterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptxEnterprise Software Development with No Code Solutions.pptx
Enterprise Software Development with No Code Solutions.pptx
QuickwayInfoSystems3
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Pro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp BookPro Unity Game Development with C-sharp Book
Pro Unity Game Development with C-sharp Book
abdulrafaychaudhry
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Globus
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
Roshan Dwivedi
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 

Recently uploaded (20)

Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus Compute wth IRI Workflows - GlobusWorld 2024
Globus Compute wth IRI Workflows - GlobusWorld 2024
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Enhancing Research Orchestration Capabilities at ORNL.pdf

Deep Sea Phishing Gear

  • 12. 9/25/2020 12 Deep Sea Operation 1. Use Deep Sea 2. How to construct and process content? 3. How to leverage existing email templates? 4. How to embed resources in the email? 5. How to inline content? 6. How to multipart content? 7. How to connect to an external service provider or relay? 8. How to connect to an internal service provider or relay? 9. How to attach payloads? 10. How to send email? 11. How to use dynamic content? 12. How to construct attributable links? 13. How to capture and maintain threaded conversations? 14. How to run multiple campaigns? See See See See See See See Ok, you get it...
  • 13. 9/25/2020 13 Deep Sea Operation Suit up. Going down
  • 14. 9/25/2020 14 Usage Option 1: Command line driver Option 2: Configuration file
  • 15. 9/25/2020 15 Deep Sea Configuration config.yml • YAML • Sections • Annotated • Examples All directives optional Mail Client
  • 16. 9/25/2020 16 Deep Sea Configuration Message Content
  • 17. 9/25/2020 17 Deep Sea Configuration Templates
  • 18. 9/25/2020 18 Deep Sea Configuration Backend
  • 19. 9/25/2020 19 Deep Sea Configuration Content Processing
  • 20. 9/25/2020 20 Deep Sea Configuration marks.csv • CSV • 1 Record per line
  • 21. 9/25/2020 21 Deep Sea Operation: Dynamic Marks Marks Content Template
  • 22. 9/25/2020 22 Deep Sea Operation: Infrastructure ü Provision backend DB (embedded) ü Import marks ü Queries, etc.
  • 23. 9/25/2020 23 Deep Sea Operation: Data Setup ü Inject dynamic template variables ü Inline email ü Multipart Email ü Send email
  • 24. 9/25/2020 24 Deep Sea Operation Email in the Inbox: Nice to meet you, Dan Lee! !
  • 25. 9/25/2020 25 Deep Sea Operation: Markdown Content Shell
  • 26. 9/25/2020 26 Deep Sea Operation: Markdown Content
  • 27. 9/25/2020 27 Deep Sea Operation: Markdown ü Convert from MD to HTML Template ü Inject dynamic template variables ü Inline email (Style merge) ü Multipart Email ü Send email
  • 28. 9/25/2020 28 Deep Sea Operation: Markdown Email in the Inbox: Less HTML headache, more !
  • 29. 9/25/2020 29 Deep Sea Operation: Embed Resources Content Config.yml
  • 30. 9/25/2020 30 Deep Sea Operation: Embed Resources Email in the Inbox: Less External images, less detection, even more !
  • 31. 9/25/2020 31 Deep Sea Operation: Attachments Config.yml
  • 32. 9/25/2020 32 Deep Sea Operation: Attachments Email in the Inbox: Attached payload, more detection. Less !, more
  • 33. 9/25/2020 33 Deep Sea Operation: Mark Attribution Content
  • 34. 9/25/2020 34 Deep Sea Operation: Mark Attribution
  • 35. 9/25/2020 35 Deep Sea Operation: Mark Attribution
  • 36. 9/25/2020 36 Deep Sea Operation: MX Rebinding Phase I 1. Internal DeepSea deploys phish 2. Internal mark intends to respond 3. Internal mark’s infra looks up external adversarial domain MX/SPF record Phase II 1. MX rebinds SMTP server communication to an address of phisher on corporate network 2. Internal mail client sends email to DeepSea server 3. DeepSea accepts SMTP and carries on the thread
  • 37. 9/25/2020 37 Deep Sea Operation: MX Rebinding Reply to us. We ❤ our customers
  • 38. 9/25/2020 38 Deep Sea Operation: MX Rebinding. Mail LAN IP LAN IP MX lookup to LAN IP SPF send from LAN IP
  • 39. 9/25/2020 39 Summary • Operate with a minimal footprint deep inside enterprises (Internal phish delivery). • Seamlessly operate with external and internal mail providers (e.g. O365, Gmail, on-premise mail servers) • Quickly re-target connectivity parameters. • Flexibly add headers, targets, attachments. • Correctly format and inline email templates, images and multipart messages. • Use content templates for personalization. • Account for various secure email communication parameters. • Clearly separate artifacts, mark databases and content delivery for multiple (parallel or sequential) phishing campaigns. • Help create content with minimal dependencies. • Embedded tools to support Markdown->HTML->TXT workflow. • Concise configuration.
  • 40. 9/25/2020 40 Deep Sea: Code https://github.com/dsnezhkov/deepsea Q&A? Thanks!
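The MX rebinding phases on slides 36 to 38 rest on one observable: an external domain's MX host, or an ip4/ip6 mechanism in its SPF record, resolving into the corporate LAN. The check below, an added example that is not part of the DeepSea project, flags exactly that condition; the DNS answers, domains and addresses in it are constructed placeholders, and in practice the data would come from passive DNS or resolver query logs.

```python
"""Flag external domains whose MX host or SPF mechanisms point into
private (RFC 1918 / loopback) address space, the signature of the
MX rebinding described in the slides. Added example; sample DNS data
below is constructed, no live lookups are made."""
import ipaddress
import re
from typing import Dict, List, Tuple

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed resolver answers keyed by (name, record type).
# "example-support.test" mimics a rebinding domain; "partner.test" is benign.
SAMPLE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example-support.test", "MX"): ["10 mail.example-support.test."],
    ("mail.example-support.test", "A"): ["10.20.30.40"],
    ("example-support.test", "TXT"): ["v=spf1 ip4:10.20.30.40 -all"],
    ("partner.test", "MX"): ["10 mx.partner.test."],
    ("mx.partner.test", "A"): ["203.0.113.25"],
    ("partner.test", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
}

def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def spf_private_ranges(txt: str) -> List[str]:
    """Return ip4:/ip6: SPF mechanisms that lie inside private space."""
    found = []
    for m in re.finditer(r"ip[46]:([0-9a-fA-F:.]+)(/\d+)?", txt):
        net = ipaddress.ip_network(m.group(1) + (m.group(2) or ""), strict=False)
        if any(net.subnet_of(p) for p in PRIVATE_NETS if p.version == net.version):
            found.append(m.group(0))
    return found

def check_domain(domain: str, dns=SAMPLE_DNS) -> List[str]:
    """Findings for one domain: MX hosts on LAN addresses, SPF on LAN ranges."""
    findings = []
    for mx in dns.get((domain, "MX"), []):
        host = mx.split()[1].rstrip(".")          # "<pref> <host>."
        for a in dns.get((host, "A"), []):
            if is_private(a):
                findings.append(f"MX {host} -> private {a}")
    for txt in dns.get((domain, "TXT"), []):
        if txt.startswith("v=spf1"):
            for mech in spf_private_ranges(txt):
                findings.append(f"SPF mechanism {mech} in private space")
    return findings

if __name__ == "__main__":
    for d in ("example-support.test", "partner.test"):
        print(d, check_domain(d) or "clean")
```

Alerting on this from the resolver side catches the rebinding before the internal mail client ever connects to the rogue LAN SMTP host.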