Thu, Nov 12
ISSA Virtual Event - November 2020
Mike Wylie is back, y’all! “Puny Charge your Phishing Campaigns” (or Shooting Puny Phish in a Barrel)
Time & Location
Nov 12, 2020, 12:00 PM – 1:20 PM
About the event
Presented by Mike Wylie, CISSP, Director of Cybersecurity Services, and ISSA Los Angeles Chapter Member
Register in advance for this meeting:
After registering, you will receive a confirmation email containing information about joining the meeting.
Michael Wylie, MBA, CISSP is the Director of Cybersecurity Services at Richey May Technology Solutions. In his role, Michael is responsible for delivering information assurance by means of digital forensics, incident response, maturity assessments, TPN vendor assessments, cloud security, penetration tests, risk management, and training.
Verizon’s 2019 Data Breach Investigations Report (DBIR) indicates that malware is delivered via email in 94% of investigated breaches. Business Email Compromise (BEC) is on the rise. Phishing is still a problem for most organizations. A good phishing campaign is still an easy win for a Red Teamer, though it’s a constant cat-and-mouse game as email gateways deploy new techniques for anti-spoofing and malware detection. This talk will discuss research and browser/app testing around using Punycode to create solid doppelganger domains for phishing campaigns, watering hole attacks and other creative shenanigans. Using techniques discussed in this talk, you’ll be able to clone your target’s domain name(s) so that they appear identical to the naked eye. Passing SSL/TLS verification and bypassing security awareness training and any in-house phishing campaigns your Blue Team might have implemented, this is a $12 technique you must see.