Phishing for Shellz: Setting up a Phishing Campaign
Phishing for clicks is like the VA portion of a Pentest. It feels nice being a hacker, but that fuzzy feeling wears off quickly once you learn about command and control.
Everyone knows in theory what phishing is and what phishing emails look like; they may even theoretically know how it all works.
What about executing a Phishing campaign? This talk will show you the journey of setting up and executing a Phishing campaign to gain command and control. I have tried a few frameworks, coded some pages myself and will show the way I learned to Phish.
This is not just about sending an email and a link; it is about bypassing the email minefield to get the email to the target and having the payload call back out of the network.
We will go through:
- Choosing and setting up a Phishing Framework
- Cloning a site
- Testing delivery and bypassing Spam filters with a payload (Click Once)
- Testing different user interactions for executing payloads
- Learning different payloads for command and control