ToorCon 21 - PURPLE HAZE THE SPEAR PHISHING EXPERIENCE - Jesse @bashexplode
HTML-код
- Опубликовано: 28 дек 2024
- Someone great once said "pentesting doesn't have to be all dropping exploits and launching shells." I disagree. Not many people truly understand the grueling task of developing a new campaign, designing sick docs, building killer malware, or why the Red Team operates the way they do during a spearphishing campaign to ‘get those shells’. This talk will cover what the Red Team is really doing when they are trying to gain a foothold through social engineering as well as how Blue Teams can leverage this technical insight to combat the dreaded spearphish.
New phishing techniques are always welcome, but one wrong move with one of those techniques and the entirety of your staging infrastructure is burnt, blocked, and reported by the Incident Response team.
I will be going through many steps of trial and error I have experienced while running red team operations and try to drill down to why and how red teamers do things a very spe- cific (opsec safe) way to gain a foothold through spearphishing.
Jesse (@BashexplOde)
Jesse Nebling is a senior engineer and operator on an internal Red Team, a guitarist of cult classic band Free Parking!, and an electronic music producer (@bashexplode) based out of Seattle. Jesse was a consultant for over 7 years that has done penetration tests and full scope red team operations for businesses in a ton of industry sectors including quite a few Fortune 100 businesses. Now that he is helping build out a new Red Team, he is refining and developing awesome new tactics and tools for all steps of the killchain.
![Seungmin "그렇게, 천천히, 우리(As we are)" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/kAzmhLHePqU/mqdefault.jpg)
