SlideShare a Scribd company logo

Phishing Forensics - SnowFROC - Denver Chapter of OWASP

F
Frank Victory

In this presentation I will cover the basic forensics of Phishing

Technology
1 of 29
Phishing Forensics Frank Vianzon GISP, GPEN, GCWN, ACE, CompTIA Network+, CompTIA A+ Principal Security Engineer Instructor Red Rocks Community College Board Member of OWASP
RRCC Cybersecurity Program recognized by NSA and Department of Homeland Security
What is being presented • Types of Phishing • Check your phish • Basic analysis • Advanced analysis • Tracking analysis • Browser Forensics • How does phishing happen, do not contribute
• Deceptive Phishing – e-mails claiming to come from recognized sources ask you to verify your account, re-enter your information or make a payment • Spear Phishing – customized attacks within the target’s name, position, company, etc.
• Dropbox Phishing – emails claiming to come from Dropbox requesting the user to click through to secure their account or download a shared document • Google docs – view documents on Google Docs ends on entering your credentials
• CEO Fraud – phishers use an e-mail address similar to that of an authority figure to request payments or data from others within the company • Pharming – hijack a website’s domain name and use it to redirect visitors to an imposter site
Basic Analysis
• Submit to phishtank • Run by OpenDNS • API available
Advance Analysis Use a clean machine and clean network!!! • Boot USB (but make sure your drive is encrypted) • Factory Image • Clean Network – attributable hot spot or other network • Download Burp Proxy Suite and step through the site.
Review the header information
Find bad sites • Alienvault
Maltego Case File • Track your information to see relationships
Maltego Case File
Investigation of a pharming site
The captured data showed • News.yahoo.com – Associated Press – ebola-diagnosed-in-second-dallas-nurse-105542930.html ../../../.. Cd /etc/passwd Put *.* • Select statements
One gets through
Browser Forensics The three major browsers • Google Chrome • Mozilla Firefox • Internet Explorer and Edge
Google Chrome Analytics • Hindsight by Obsidian Forensics
Win UFO This is a Python script that also includes a EXE and GUI • Run at a command line ./hindsight.py -i "/users/frank/Library/Application Support/Google/Chrome/Default/" -o test_case
Internet Explorer Internet Explorer • Browsing History View
Don’t Contribute Help stop the phishing sites by checking your own network • Secure mail relays in your own network • SMTP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP

Recommended

Footprinting
FootprintingFootprinting
Footprintingprashant3535
 
Finding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsFinding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsNetFort
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Web Security
Web SecurityWeb Security
Web SecurityRandy Connolly
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
Web hacking
Web hackingWeb hacking
Web hackingPrashant Vashisht
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 

Recommended

Footprinting
FootprintingFootprinting
Footprintingprashant3535
 
Finding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsFinding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsNetFort
 
Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Tools for Open Source Intelligence (OSINT)
Tools for Open Source Intelligence (OSINT)Sudhanshu Chauhan
 
Web Security
Web SecurityWeb Security
Web SecurityRandy Connolly
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security MindsetAdam W. Warner
 
Web hacking
Web hackingWeb hacking
Web hackingPrashant Vashisht
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
 
Enterprise security: ransomware in enterprise and corporate entities
Enterprise security: ransomware in enterprise and corporate entitiesEnterprise security: ransomware in enterprise and corporate entities
Enterprise security: ransomware in enterprise and corporate entitiesQuick Heal Technologies Ltd.
 
AtlSecCon 2016
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016Earl Carter
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plugKamal Rathaur
 
owasp_meetup_12_10
owasp_meetup_12_10owasp_meetup_12_10
owasp_meetup_12_10sean_todd
 
Web attacks
Web attacksWeb attacks
Web attackshusnara mohammad
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application VulnerabilitiesPreetish Panda
 
Competenciadigital
CompetenciadigitalCompetenciadigital
CompetenciadigitalAriberna
 
Today Clinic Continues to Innovate and Thrive with Kareo
Today Clinic Continues to Innovate and Thrive with KareoToday Clinic Continues to Innovate and Thrive with Kareo
Today Clinic Continues to Innovate and Thrive with KareoKareo
 
Notas semana cultural padres
Notas semana cultural padresNotas semana cultural padres
Notas semana cultural padresJuan De Austria Leganés
 
Video games
Video gamesVideo games
Video gamesNaitsirch Rodriguez
 
Classical vs. Modern
Classical vs. Modern�Classical vs. Modern�
Classical vs. ModernZohreh Daemi, MBA, DBA
 
Conferencia corregida 2017
Conferencia corregida 2017Conferencia corregida 2017
Conferencia corregida 2017Ing. Marytere Sinohui Prado
 
Bryhan Arley Gallego Hernandez
Bryhan Arley Gallego Hernandez Bryhan Arley Gallego Hernandez
Bryhan Arley Gallego Hernandez Bryhan Arley Gallego Hernandez
 
Quimica industrial 1 3
Quimica industrial 1 3Quimica industrial 1 3
Quimica industrial 1 3wendy valenzuela
 
Marco del Buen Desempeño Docente
Marco del Buen Desempeño DocenteMarco del Buen Desempeño Docente
Marco del Buen Desempeño DocenteAndrea Choccata Cruz
 
Employee TV for manufacturing sites
Employee TV for manufacturing sitesEmployee TV for manufacturing sites
Employee TV for manufacturing sitesArtem Kovalyov
 
Alabanzas culto de jovenes 11 de marzo
Alabanzas culto de jovenes 11 de marzoAlabanzas culto de jovenes 11 de marzo
Alabanzas culto de jovenes 11 de marzoJohn Velasquez Pereira
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystemamiable_indian
 
Kablosuz Ağlar
Kablosuz AğlarKablosuz Ağlar
Kablosuz AğlarOğuzhan Demirci
 
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Frank Victory
 

More Related Content

What's hot

Enterprise security: ransomware in enterprise and corporate entities
Enterprise security: ransomware in enterprise and corporate entitiesEnterprise security: ransomware in enterprise and corporate entities
Enterprise security: ransomware in enterprise and corporate entitiesQuick Heal Technologies Ltd.
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of DreamsGreg Foss
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101Rafel Ivgi
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plugKamal Rathaur
 
owasp_meetup_12_10
owasp_meetup_12_10owasp_meetup_12_10
owasp_meetup_12_10sean_todd
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application VulnerabilitiesPreetish Panda
 

What's hot (8)

Enterprise security: ransomware in enterprise and corporate entities
Enterprise security: ransomware in enterprise and corporate entitiesEnterprise security: ransomware in enterprise and corporate entities
Enterprise security: ransomware in enterprise and corporate entities
 
AtlSecCon 2016
AtlSecCon 2016AtlSecCon 2016
AtlSecCon 2016
 
Threat Intelligence Field of Dreams
Threat Intelligence Field of DreamsThreat Intelligence Field of Dreams
Threat Intelligence Field of Dreams
 
Cyber attacks 101
Cyber attacks 101Cyber attacks 101
Cyber attacks 101
 
Stop pulling the plug
Stop pulling the plugStop pulling the plug
Stop pulling the plug
 
owasp_meetup_12_10
owasp_meetup_12_10owasp_meetup_12_10
owasp_meetup_12_10
 
Web attacks
Web attacksWeb attacks
Web attacks
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
 

Viewers also liked

Competenciadigital
CompetenciadigitalCompetenciadigital
CompetenciadigitalAriberna
 
Today Clinic Continues to Innovate and Thrive with Kareo
Today Clinic Continues to Innovate and Thrive with KareoToday Clinic Continues to Innovate and Thrive with Kareo
Today Clinic Continues to Innovate and Thrive with KareoKareo
 
Employee TV for manufacturing sites
Employee TV for manufacturing sitesEmployee TV for manufacturing sites
Employee TV for manufacturing sitesArtem Kovalyov
 
Alabanzas culto de jovenes 11 de marzo
Alabanzas culto de jovenes 11 de marzoAlabanzas culto de jovenes 11 de marzo
Alabanzas culto de jovenes 11 de marzoJohn Velasquez Pereira
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystemamiable_indian
 
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Frank Victory
 
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017keyalea
 
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness ProgramWiley
 
When Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your BusinessWhen Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your BusinessKaspersky Lab
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatEric Vanderburg
 

Viewers also liked (18)

Competenciadigital
CompetenciadigitalCompetenciadigital
Competenciadigital
 
Today Clinic Continues to Innovate and Thrive with Kareo
Today Clinic Continues to Innovate and Thrive with KareoToday Clinic Continues to Innovate and Thrive with Kareo
Today Clinic Continues to Innovate and Thrive with Kareo
 
Notas semana cultural padres
Notas semana cultural padresNotas semana cultural padres
Notas semana cultural padres
 
Video games
Video gamesVideo games
Video games
 
Classical vs. Modern
Classical vs. Modern�Classical vs. Modern�
Classical vs. Modern
 
Conferencia corregida 2017
Conferencia corregida 2017Conferencia corregida 2017
Conferencia corregida 2017
 
Bryhan Arley Gallego Hernandez
Bryhan Arley Gallego Hernandez Bryhan Arley Gallego Hernandez
Bryhan Arley Gallego Hernandez
 
Quimica industrial 1 3
Quimica industrial 1 3Quimica industrial 1 3
Quimica industrial 1 3
 
Marco del Buen Desempeño Docente
Marco del Buen Desempeño DocenteMarco del Buen Desempeño Docente
Marco del Buen Desempeño Docente
 
Employee TV for manufacturing sites
Employee TV for manufacturing sitesEmployee TV for manufacturing sites
Employee TV for manufacturing sites
 
Alabanzas culto de jovenes 11 de marzo
Alabanzas culto de jovenes 11 de marzoAlabanzas culto de jovenes 11 de marzo
Alabanzas culto de jovenes 11 de marzo
 
The Phishing Ecosystem
The Phishing EcosystemThe Phishing Ecosystem
The Phishing Ecosystem
 
Kablosuz Ağlar
Kablosuz AğlarKablosuz Ağlar
Kablosuz Ağlar
 
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017Differential learning SnowFROC 2017
Differential learning SnowFROC 2017
 
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017Wi-Fi Denver OWASP Presentation Feb. 15, 2017
Wi-Fi Denver OWASP Presentation Feb. 15, 2017
 
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program
 
When Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your BusinessWhen Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your Business
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 

Similar to Phishing Forensics - SnowFROC - Denver Chapter of OWASP

Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceBrian Pichman
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceJason Trost
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleBrian Pichman
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security PracticeBrian Pichman
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Rob Fuller
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Chris Gates
 
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis MPhil/MRes/BSc
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeNet at Work
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupBrian Pichman
 
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptxCybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptxPrinceYdvz
 
Securtiy Issues 17.05.2020.pptx
Securtiy Issues 17.05.2020.pptxSecurtiy Issues 17.05.2020.pptx
Securtiy Issues 17.05.2020.pptxvatsalrbhatt13
 
Cyberscout Corporate Security
Cyberscout Corporate SecurityCyberscout Corporate Security
Cyberscout Corporate SecurityFiroze Hussain
 

Similar to Phishing Forensics - SnowFROC - Denver Chapter of OWASP (20)

Implementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day ConferenceImplementing security for your library | PLAN Tech Day Conference
Implementing security for your library | PLAN Tech Day Conference
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat Intelligence
 
Phishing
PhishingPhishing
Phishing
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter StyleCybersecurity - Defense Against The Dark Arts Harry Potter Style
Cybersecurity - Defense Against The Dark Arts Harry Potter Style
 
Personal Internet Security Practice
Personal Internet Security PracticePersonal Internet Security Practice
Personal Internet Security Practice
 
NPTs
NPTsNPTs
NPTs
 
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_NiemelaTietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
 
Lesson 5 protecting yourself on the internet
Lesson 5 protecting yourself on the internetLesson 5 protecting yourself on the internet
Lesson 5 protecting yourself on the internet
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2Dirty Little Secrets They Didn't Teach You In Pentest Class v2
Dirty Little Secrets They Didn't Teach You In Pentest Class v2
 
Meletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information securityMeletis Belsis - Introduction to information security
Meletis Belsis - Introduction to information security
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
 
Securing and Safeguarding Your Library Setup
Securing and Safeguarding Your Library SetupSecuring and Safeguarding Your Library Setup
Securing and Safeguarding Your Library Setup
 
Malware forensics
Malware forensicsMalware forensics
Malware forensics
 
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptxCybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
Cybersecurity-Keeping-Your-Computers-Devices-Safe.pptx
 
Securtiy Issues 17.05.2020.pptx
Securtiy Issues 17.05.2020.pptxSecurtiy Issues 17.05.2020.pptx
Securtiy Issues 17.05.2020.pptx
 
Cyberscout Corporate Security
Cyberscout Corporate SecurityCyberscout Corporate Security
Cyberscout Corporate Security
 

More from Frank Victory

Container security Familiar problems in new technology
Container security Familiar problems in new technologyContainer security Familiar problems in new technology
Container security Familiar problems in new technologyFrank Victory
 
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsKealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsFrank Victory
 
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersAutomation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersFrank Victory
 
CNG 256 cloud computing
CNG 256 cloud computingCNG 256 cloud computing
CNG 256 cloud computingFrank Victory
 
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothCNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothFrank Victory
 
Active defensecombo clean
Active defensecombo cleanActive defensecombo clean
Active defensecombo cleanFrank Victory
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutionsFrank Victory
 
Cng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policiesCng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policiesFrank Victory
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorizationFrank Victory
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacksFrank Victory
 

More from Frank Victory (11)

Container security Familiar problems in new technology
Container security Familiar problems in new technologyContainer security Familiar problems in new technology
Container security Familiar problems in new technology
 
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifactsKealy OWASP interactive_artifacts
Kealy OWASP interactive_artifacts
 
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackersAutomation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackers
 
CNG 256 cloud computing
CNG 256 cloud computingCNG 256 cloud computing
CNG 256 cloud computing
 
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetoothCNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetooth
 
Active defensecombo clean
Active defensecombo cleanActive defensecombo clean
Active defensecombo clean
 
Dns security threats and solutions
Dns security threats and solutionsDns security threats and solutions
Dns security threats and solutions
 
Cng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policiesCng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policies
 
Authentication vs authorization
Authentication vs authorizationAuthentication vs authorization
Authentication vs authorization
 
9.0 security (2)
9.0 security (2)9.0 security (2)
9.0 security (2)
 
Lesson 6 web based attacks
Lesson 6 web based attacksLesson 6 web based attacks
Lesson 6 web based attacks
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Phishing Forensics - SnowFROC - Denver Chapter of OWASP

  • 1. Phishing Forensics Frank Vianzon GISP, GPEN, GCWN, ACE, CompTIA Network+, CompTIA A+ Principal Security Engineer Instructor Red Rocks Community College Board Member of OWASP
  • 2. RRCC Cybersecurity Program recognized by NSA and Department of Homeland Security
  • 3. What is being presented • Types of Phishing • Check your phish • Basic analysis • Advanced analysis • Tracking analysis • Browser Forensics • How does phishing happen, do not contribute
  • 4. • Deceptive Phishing – e-mails claiming to come from recognized sources ask you to verify your account, re-enter your information or make a payment • Spear Phishing – customized attacks within the target’s name, position, company, etc.
  • 5. • Dropbox Phishing – emails claiming to come from Dropbox requesting the user to click through to secure their account or download a shared document • Google docs – view documents on Google Docs ends on entering your credentials
  • 6. • CEO Fraud – phishers use an e-mail address similar to that of an authority figure to request payments or data from others within the company • Pharming – hijack a website’s domain name and use it to redirect visitors to an imposter site
  • 8. • Submit to phishtank • Run by OpenDNS • API available
  • 9. Advance Analysis Use a clean machine and clean network!!! • Boot USB (but make sure your drive is encrypted) • Factory Image • Clean Network – attributable hot spot or other network • Download Burp Proxy Suite and step through the site.
  • 10. Review the header information
  • 11. Find bad sites • Alienvault
  • 12. Maltego Case File • Track your information to see relationships
  • 14.
  • 15.
  • 16.
  • 17. Investigation of a pharming site
  • 18.
  • 19. The captured data showed • News.yahoo.com – Associated Press – ebola-diagnosed-in-second-dallas-nurse-105542930.html ../../../.. Cd /etc/passwd Put *.* • Select statements
  • 21. Browser Forensics The three major browsers • Google Chrome • Mozilla Firefox • Internet Explorer and Edge
  • 22. Google Chrome Analytics • Hindsight by Obsidian Forensics
  • 23. Win UFO This is a Python script that also includes a EXE and GUI • Run at a command line ./hindsight.py -i "/users/frank/Library/Application Support/Google/Chrome/Default/" -o test_case
  • 24.
  • 25.
  • 27.
  • 28. Don’t Contribute Help stop the phishing sites by checking your own network • Secure mail relays in your own network • SMTP

Editor's Notes

  1. Last presentation of the day – only thing standing between you and happy hour You should have started drinking before the presentation – as my wife likes to tell me, I sound a lot better when she is drunk
  2. Phishing is so prevalent they have created different types
  3. That is the easy way of doing it, but you are here because you want to do it yourself. Hover over the link Look at the header Perform a recon on the site. Check DNS records – plug that into ARIN
  4. Pull the header and then do DNS lookups against the domains and use ARIN
  5. Used to use freemind or xmind to track information – visual thinker
  6. User clicks on a link! We want to see what the user did
  7. Make sure you quote it Pull all kinds of info
  8. Show spreadsheet