Phishing: It’s Not Just for Pentesters
Using Phishing to Build a Successful Awareness Program
Intro
www.hackerhalted.com 2
• Enterprise Security Consultant at Sword & Shield Enterprise Security
• 2017 DerbyCon Social Engineering Capture the Flag (SECTF) winner
• Served in the US Navy, Navigating Submarines
• Holds the CISSP-ISSMP, GSNA, and GCIH certifications
• Frequent Guest Blogger
• AlienVault
• Tripwire
• ITSP Magazine
• Sword & Shield’s Blog
• Maintains blog and podcast at https://advancedpersistentsecurity.net
• Trains (spoken taps out a lot) in Brazilian Jiu Jitsu
Goals
• Open Source Intelligence (OSINT)
• Social Engineering
• Pretexting
• *ishing (Spear phishing, Vishing, and Smishing)
• Whaling
• Baiting
• Dumpster Diving
• Applied Social Engineering
• OSINT in enabling more effective social engineering
• Tools and Techniques for collecting OSINT
• OSINT and Social Engineering integration
• Mitigations of Social Engineering
• Training of Teams
What is Social Engineering?
• Human Hacking
• Exploits the human factor and often bypasses technology and expensive equipment
Pioneers of the Art
Examples of Social Engineering
• Phishing
• Spear Phishing
• Whaling
• Vishing
• Smishing
• Baiting
• Pretexting
• Dumpster Diving
• Tailgating
Psychology of Social Engineering
• Everything goes back to Dr. Cialdini’s 6 Principles of Persuasion
1. Reciprocity
2. Commitment and Consistency
3. Social Proof
4. Liking (Likability)
5. Authority
6. Scarcity (Urgency)
Application of Social Engineering
• Social Engineering aims to influence the users to:
• Provide some sort of data (ideally, sensitive data)
• Tell us something that is not online and readily available
• Tell us who could do something or tell us more (give us better targets)
• Tell us about the operating environment and issues within
• Perform an action
• Clicking a link
• Making a change to the firewall rules
• Open an email
What is OSINT?
OSINT is drawn from publicly available material, including:
• The Internet
• Traditional mass media (e.g. television, radio, newspapers, magazines)
• Specialized journals, conference proceedings, and think tank studies
• Photos
• Geospatial information (e.g. maps and commercial imagery products)
Where can one gather OSINT?
Gathering OSINT
• Public conversations (borderline HUMINT)
• Bars
• Malls
• Restaurants
• Family and Friends
• Back Windshields
• Mostly, the internet
• Forums
• Job Boards
• Search Engines
• Social Media
Goals of OSINT
An example of OSINT
Another Example
…another…
…last one…
OSINT Demo
Timing
SE and OSINT Relationship
• They share similar properties in terms of human psychology
• OSINT can be used to build a dossier or profile about a SE target
• This can provide context for the contact
• Better pretexting
• Better (spear) phishing
• Better “other” technical work, such as password guesses (or even the passwords themselves)
Attribution?
Law Enforcement
Sales and Retail
…more examples…
…even more…
Is this one and done?
• Several rounds may be required.
• You may find something interesting towards the end that causes you to look at everything again from a different angle.
Collection Considerations
• What is the Endgame?
• Is what you’re doing ethical?
• Do you have an ethical obligation to do this a certain way?
• Is this legal?
• Does the state that I am doing this in require Private Investigator Licensure?
• I have collected all this data, how do I protect it?
• How long do I retain it?
• How do I dispose of it?
• What value could be assigned to it?
Weaponizing OSINT
• We can’t be like the South Park underpants gnomes…
Social Engineering Demo
Contact Me
Social Media
• Twitter: @C_3PJoe / @advpersistsec
• LinkedIn: linkedin.com/in/billyjgrayjr
• Facebook: facebook.com/joegrayinfosec
Email
• jgray@advancedpersistentsecurity.net
• bjg@swordshield.com
Blog and Podcast
• advancedpersistentsecurity.net
Podcast is also on iTunes, Stitcher, Google Play, and other fine platforms
Future Speaking Engagements
October 17-18: EDGE Security Conference, Knoxville, TN
October 20-22: SkyDogCon, Nashville, TN
October 26-17: Lone Star Application Security Conference (LASCON), Austin, TX
November 11: Bsides Charleston, Charleston, SC
November 15: Metro Atlanta ISSA Conference, Atlanta, GA
Contacting Sword & Shield
Questions?
OSINT Resources
(All in no particular order; except the book section)
• Blogs:
• automatingosint.com
• learnallthethings.net
• osint.fail
• Podcasts:
• Complete and Privacy Security Podcast
• Social Engineer Podcast
• Book:
• Open Source Intelligence Techniques (Michael Bazzell)
• Slack:
• openosint.slack.com
• aps-opensource.signup.team
OSINT Resources
(All in no particular order; except the book section)
• People to Follow:
• @beast_fighter
• @baywolf88
• @jms_dot_py
• @jnordine
• @upgoingstar
• @_sn0ww
• @sarahjamielewis
• @webbreacher
• @andrewsmhay
• @dutch_osintguy
• @infosecsherpa
• @sweet_grrl
• @inteltechniques
• @cybersecstu
• @jennyradcliffe
• @ginsberg5150
• @iv_Machiavelli
• @GRC_Ninja
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Phishing: It’s Not Just for Pentesters Using Phishing to Build a Successful Awareness Program

  • 1. Phishing: It’s Not Just for Pentesters
    Using Phishing to Build a Successful Awareness Program
  • 2. Intro (www.hackerhalted.com 2)
    • Enterprise Security Consultant at Sword & Shield Enterprise Security
    • 2017 DerbyCon Social Engineering Capture the Flag (SECTF) winner
    • Served in the US Navy, navigating submarines
    • Holds the CISSP-ISSMP, GSNA, and GCIH certifications
    • Frequent guest blogger
      • AlienVault
      • Tripwire
      • ITSP Magazine
      • Sword & Shield’s Blog
    • Maintains blog and podcast at https://advancedpersistentsecurity.net
    • Trains (spoken taps out a lot) in Brazilian Jiu Jitsu
  • 4. Goals
    • Open Source Intelligence (OSINT)
    • Social Engineering
    • Pretexting
    • *ishing (Spear phishing, Vishing, and Smishing)
    • Whaling
    • Baiting
    • Dumpster Diving
    • Applied Social Engineering
    • OSINT in enabling more effective social engineering
    • Tools and Techniques for collecting OSINT
    • OSINT and Social Engineering integration
    • Mitigations of Social Engineering
    • Training of Teams
  • 5. What is Social Engineering?
    • Human Hacking
    • Exploits the human factor and often bypasses technology and expensive equipment
  • 6. Pioneers of the Art
  • 8. Examples of Social Engineering
    • Phishing
    • Spear Phishing
    • Whaling
    • Vishing
    • Smishing
    • Baiting
    • Pretexting
    • Dumpster Diving
    • Tailgating
  • 9. Psychology of Social Engineering
    • Everything goes back to Dr. Cialdini’s 6 Principles of Persuasion
      1. Reciprocity
      2. Commitment and Consistency
      3. Social Proof
      4. Liking (Likability)
      5. Authority
      6. Scarcity (Urgency)
  • 10. Application of Social Engineering
    • Social Engineering aims to influence the users to:
      • Provide some sort of data (ideally, sensitive data)
      • Tell us something that is not online and readily available
      • Tell us who could do something or tell us more (give us better targets)
      • Tell us about the operating environment and issues within
      • Perform an action
        • Clicking a link
        • Making a change to the firewall rules
        • Opening an email
  • 11. What is OSINT?
    OSINT is drawn from publicly available material, including:
      • The Internet
      • Traditional mass media (e.g. television, radio, newspapers, magazines)
      • Specialized journals, conference proceedings, and think tank studies
      • Photos
      • Geospatial information (e.g. maps and commercial imagery products)
  • 12. Where can one gather OSINT?
  • 13. Gathering OSINT
    • Public conversations (borderline HUMINT)
      • Bars
      • Malls
      • Restaurants
      • Family and Friends
      • Back Windshields
    • Mostly, the internet
      • Forums
      • Job Boards
      • Search Engines
      • Social Media
  • 15. An example of OSINT
  • 21. SE and OSINT Relationship
    • They share similar properties in terms of human psychology
    • OSINT can be used to build a dossier or profile about a SE target
      • This can provide context for the contact
      • Better pretexting
      • Better (spear) phishing
      • Better “other” technical stuff like password guesses (or even passwords)
  • 27. Is this one and done?
    • Several rounds may be required.
    • You may find something interesting towards the end that causes you to look at everything again from a different angle.
  • 28. Collection Considerations
    • What is the Endgame?
    • Is what you’re doing ethical?
    • Do you have an ethical obligation to do this a certain way?
    • Is this legal?
    • Does the state that I am doing this in require Private Investigator Licensure?
    • I have collected all this data, how do I protect it?
    • How long do I retain it?
    • How do I dispose of it?
    • What value could be assigned to it?
  • 29. Weaponizing OSINT
    • We can’t be like the South Park underpants gnomes…
  • 31. Contact Me
    Social Media
      • Twitter: @C_3PJoe / @advpersistsec
      • LinkedIn: linkedin.com/in/billyjgrayjr
      • Facebook: facebook.com/joegrayinfosec
    Email
      • jgray@advancedpersistentsecurity.net
      • bjg@swordshield.com
    Blog and Podcast
      • advancedpersistentsecurity.net
      • Podcast is also on iTunes, Stitcher, Google Play, and other fine platforms
  • 32. Future Speaking Engagements
    • October 17-18: EDGE Security Conference, Knoxville, TN
    • October 20-22: SkyDogCon, Nashville, TN
    • October 26-17: Lone Star Application Security Conference (LASCON), Austin, TX
    • November 11: BSides Charleston, Charleston, SC
    • November 15: Metro Atlanta ISSA Conference, Atlanta, GA
  • 33. Contacting Sword & Shield
  • 35. OSINT Resources (all in no particular order, except the book section)
    • Blogs:
      • Automatingosint.com
      • learnallthethings.net
      • Osint.fail
    • Podcasts:
      • Complete and Privacy Security Podcast
      • Social Engineer Podcast
    • Book:
      • Open Source Intelligence Techniques (Michael Bazzell)
    • Slack:
      • Openosint.slack.com
      • Aps-opensource.signup.team
  • 36. OSINT Resources, continued (all in no particular order, except the book section)
    • People to Follow:
      • @beast_fighter
      • @baywolf88
      • @jms_dot_py
      • @jnordine
      • @upgoingstar
      • @_sn0ww
      • @sarahjamielewis
      • @webbreacher
      • @andrewsmhay
      • @dutch_osintguy
      • @infosecsherpa
      • @sweet_grrl
      • @inteltechniques
      • @cybersecstu
      • @jennyradcliffe
      • @ginsberg5150
      • @iv_Machiavelli
      • @GRC_Ninja