Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Amplifying Phishing Attacks with Generative AI

Avatar for Daniel Marques Daniel Marques PRO
August 08, 2025
Video
Technology
0
12

Amplifying Phishing Attacks with Generative AI

DEF CON 33 - La Villa Hacker (Ago/25)

This talk was delivered in Brazilian Portuguese.

This talk highlights how to use Artificial Intelligence to address the manual and time-consuming aspects of traditional phishing, such as detailed target research, intricate scenario development, and complex technical setup, to deploy scalable and customized campaigns. We discussed AI-driven methods to produce contextually accurate, corporate-style phishing messages and rapidly deploy authentic-looking websites, reducing the technical barriers for sophisticated phishing operations.

La Villa Hacker @ DEF CON: https://lavillahacker.com/

Avatar for Daniel Marques

Daniel Marques PRO

August 08, 2025
Tweet

Video

More Decks by Daniel Marques

See All by Daniel Marques
Do Scammers dream of electric Phish? Lessons learned from deploying AI-driven phishing ops
Avatar for Daniel Marques 0xc0da
PRO
0
63
Kickstart Your Enterprise Red Team
Avatar for Daniel Marques 0xc0da
PRO
0
160
Kickstarting your in-house Red Team: Challenges and approaches
Avatar for Daniel Marques 0xc0da
PRO
1
710
The Red Teamer's Guide To Building A Program
Avatar for Daniel Marques 0xc0da
PRO
0
400
A Song of Hashes and Dumps: What I've learned from cracking .br passwords
Avatar for Daniel Marques 0xc0da
PRO
1
520
Python para Análises de Segurança (ERSI-2014)
Avatar for Daniel Marques 0xc0da
PRO
1
100
Game of Hashes: Quebrando, passando e libertando senhas
Avatar for Daniel Marques 0xc0da
PRO
0
280
Badass XSS: Esqueça o alert e vá para mundo real
Avatar for Daniel Marques 0xc0da
PRO
0
130

Other Decks in Technology

See All in Technology
スプリントレトロスペクティブはチーム観察の宝庫? 〜チームの衝突レベルに合わせたアプローチ仮説!〜
Avatar for Hatorik electricsatie
1
140
生成AI時代のデータ基盤設計〜ペースレイヤリングで実現する高速開発と持続性〜 / Levtech Meetup_Session_2
Avatar for Sansan R&D sansan_randd
1
110
Oracle Cloud Infrastructure:2025年8月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
0
170
LLM翻訳ツールの開発と海外のお客様対応等への社内導入事例
Avatar for gree_tech gree_tech
PRO
0
430
ヘブンバーンズレッドのレンダリングパイプライン刷新
Avatar for gree_tech gree_tech
PRO
0
430
異業種出身エンジニアが気づいた、転向して十数年経っても変わらない自分の武器とは
Avatar for macneko-ayu macnekoayu
0
260
事業価値と Engineering
Avatar for Recruit recruitengineers
PRO
8
5.3k
つくって納得、つかって実感! 大規模言語モデルことはじめ
Avatar for Recruit recruitengineers
PRO
32
12k
実運用で考える PGO
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
130
努力家なスクラムマスターが陥る「傍観者」という罠と乗り越えた先に信頼があった話 / 20250830 Takahiro Sasaki
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
130
JuniorからSeniorまで: DevOpsエンジニアの成長ロードマップ
Avatar for yuriemori yuriemori
2
350
今!ソフトウェアエンジニアがハードウェアに手を出すには
Avatar for mackee mackee
1
250

Featured

See All Featured
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
37
2.8k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
339
57k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
229
22k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
73
5k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
36
6.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
29
2.8k
Designing for humans not robots
Avatar for Tammie Lister tammielis
253
25k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
3
600
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
48
9.7k

Transcript

  1. AMPLIFYING PHISHING ATTACKS WITH GENERATIVE AI Daniel Marques (@0xc0da) Agosto/2025

  2. Disclaimer The views and opinions expressed in this talk are

    our own and do not necessarily represent those of our employer. These slides are for educational purposes only and are not to be relied upon as professional advice.

  3. Daniel Marques @0xc0da

  4. GenAI pode ajudar a escalar campanhas de phishing.

  5. TÍPICO WORKFLOW DE PHISHING. Elaboção do pretexto Recon GO! Deploy

    de infraestrutura Criação de emails Lançamento da campanha Coleta & correlação de dados Idealização de cenários Automação e orquestração Geração de texto

  6. TODAS ESSAS ATIVIDADES EXIGEM TEMPO E TRABALHO MANUAL (Especialmente campanhas

    de phishing em diferentes idiomas)

  7. Grupo de ameaças abusando de AI para phishing? Existe algum

    https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/ Emerald Sleet (THALLIUM) Usando LLMs para gerar conteúdo regionalizado. Crimson Sandstorm (CURIUM) Usando LLMs para gerar emails e para web scraping. Charcoal Typhoon (CHROMIUM) Usando LLMs para traduções e comunicações.

  8. Em qualquer cenário, ainda existem desafios e questões Guardrails e

    Jailbreaking Modelos falsos and dados de baixa qualildade OPSEC and monitoramento

  9. Comparação entre modelos e plataformas Uma rápida

  10. GPT-4.1 Claude Sonnet 3.7

  11. Claude Sonnet 4 GPT 5

  12. Mistral

  13. None
  14. None

  15. Modelos locais e sem censura Mas teste todos antes de

    usar. Considere
  16. None

  17. Na prática, ONDE GENAI PODE SER UTIL?

  18. Recon Coleta & correlação de dados Eyewitness APIs / Scripts

    Analise e classificação Decisão
  19. None
  20. None
  21. None
  22. None

  23. Montando um WORKFLOW (QUASE) COMPLETO

  24. None

  25. Algumas ideias para se ter em mente Tem alguem te

    olhando Os modelos “querem” te ajudar Todos esses modelos são ferramentas e cometem erros Dicas para se ter na manga quando trabalhamos com LLMs

  26. Pontos. Principais. Um workflow para phishing pode ser automatizado usando

    IA Interação humana ainda é necessária para gerar um produto final Leve em consideração a necessidade de jailbreak e OPSEC

  27. Obrigado! Gracias! Thank you! Flw vlw!

  28. Imagens • Fundo do slide de abertura: Imagem gerada por

    IA e finalizada por humanos. • A Person Holding a Prosthetic Arm - cottonbro studio - https://www.pexels.com/photo/a-person-holding-a- prosthetic-arm-6153345/ • Two People Using Computers - Tima Miroshnichenko - https://www.pexels.com/photo/two-people-using- computers-5380607/ • Pensive black man thinking in light room – Andres Ayrton - https://www.pexels.com/photo/pensive-black-man-thinking- in-light-room-6578415/ • LinkedIn logo - https://www.vecteezy.com/png/18930480- linkedin-logo-png-linkedin-icon-transparent-png • Fundo do slide de agradecimento: Imagem gerada por IA e finalizada por humanos