Loading presentation...

Present Remotely

Send the link below via email or IM


Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.


Spear phishing with social media

Spear Phishing, FBstalker, Data Uri, DNS exfiltration

Peter Matkovski

on 12 September 2016

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Spear phishing with social media

Phishing in security
Efficiency increment
Mass phishing
Phishing as threat
Spear phishing
Phishing def
"Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication."
Peter Matkovski
Resource Abuse
In Terrorem
Open Source Security
Testing Methodology
Penetration testing execution standard
High density
Low efficiency
Spear phishing

Low density
High efficiency
CryptoLocker distribution
91% of ATP begin with spear phishing
Each phishing attack compromises a very small number of customers (0.000564%), but due the large number of phishing attacks, the aggregated number is significant
45% of bank customers who are redirected to a phishing site divulge their personal credentials
analysis of 69,000 workers around the world found that 23 percent fell for spear phishing scenarios
0.47% of a bank’s customers fall victim to Phishing attacks each year, which translates to between $2.4M-$9.4M in annual fraud losses per one million online banking clients

Phishing - Types of attack
Deceptive phishing
Correct account details
Account in risk
Cancel fake order
Dispute unauthorized change
Limited opportunity
Malware-Based Phishing
Keyloggers and Screenloggers
Session Hijackers
Web trojans
Host file poisoning
System Reconfiguration attack
Data Theft
DNS-Based Phishing
Host file change
Poison DNS catche

Data URI
DNS exfiltration
fbStalker - OSINT tool for Facebook - Based on Facebook Graph and other stuff
The data URI scheme is a URI (uniform resource identifier) scheme that provides a way to include data in-line in web pages as if they were external resources. It is a form of a file literal or here document. This technique allows normally separate elements such as images and style sheets to be fetched in a single HTTP request rather than multiple HTTP requests, which can be more efficient.
Benefits of Data URI

Phishing web pages may be more elusive as they are passed around the Internet because phishing no longer requires web hosting of the page.
It also defeats traditional defenses against phishing attacks, such as web filtering and reputation management, because victims don’t need to communicate to an attack server to get phished.
We can create the phishing pages more easily. A personalized phishing web page can be created automatically, based on gathered information, and transmitted to one victim only. There is reason to believe that the data URI scheme can provide other unknown attack vectors.
What You Need
A domain 'yourdomain.com' where you can delegate zones and set NS resource records in DNS.
A standard DNS server of your choice (ex. BIND) with query logging enabled.
A sub-zone named 'file1.yourdomain.com' with a NS record pointing to the logging DNS server.
A programming or scripting language. Python, C++, bash, powershell, etc.
Full transcript