{"id":218,"date":"2009-03-23T13:45:19","date_gmt":"2009-03-23T18:45:19","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=218"},"modified":"2009-04-09T11:38:04","modified_gmt":"2009-04-09T16:38:04","slug":"spear-phishing-breaking-into-wall-street-critical-infrastructure","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2009\/03\/23\/spear-phishing-breaking-into-wall-street-critical-infrastructure\/","title":{"rendered":"Spear Phishing &#8211; Breaking Into Wall Street &#038; Critical Infrastructure"},"content":{"rendered":"<p>For my first breakout session of the TRISC 2009 Conference, I decided to check out Rohyt Belani&#8217;s presentation on Spear Phishing.\u00a0 Rohyt is the CEO of Intrepidus Group and has spoken at a variety of conferences from BlackHat to OWASP to MISTI to Hack in the Box.\u00a0 I had heard from several other conference attendees that he was a pretty good speaker and the topic seemed interesting enough so I went and wasn&#8217;t at all disappointed.\u00a0 My notes (while not very long) from the presentation are below and the actual presentation can be found <a href=\"http:\/\/trisc.org\/presentations\/Big_Game_Phishing_Rohyt_Belani.pdf\" target=\"_blank\">here<\/a>:<\/p>\n<ul>\n<li><!--[if !supportLists]-->CEO of Intrepidus Group<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Adjunct Professor at Carnegie Mellon University<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Frequent speaker at BlackHat, OWASP, MISTI, Hack in the Box<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Phishing: The act of electronically luring a user into surrendering private information that will be used for identity theft or conducting an act that will compromise the victim\u2019s computer system.<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Example of spear fishing used for pump-and-dump scam<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Example of spear fishing used to download a Trojan, crack the admin password, and create domain administrator accounts on a windows server.<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Have a service called fishme.com that is used to run mock attacks against companies.<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->23% +\/- 3% are susceptible to phishing attacks based on surveying on fishme.com<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Convincing people to click via authority works better than reward<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->People are more \u201cclick happy\u201d on a Friday afternoon<\/li>\n<li><!--[if !supportLists]--><span style=\"font-family: Symbol;\"><span><\/span><\/span><!--[endif]-->Use an existing website that\u2019s vulnerable to XSS or create a fake SSL certificate<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>For my first breakout session of the TRISC 2009 Conference, I decided to check out Rohyt Belani&#8217;s presentation on Spear Phishing.\u00a0 Rohyt is the CEO of Intrepidus Group and has spoken at a variety of conferences from BlackHat to OWASP to MISTI to Hack in the Box.\u00a0 I had heard from several other conference attendees [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[240,222],"tags":[],"class_list":["post-218","post","type-post","status-publish","format-standard","hentry","category-phishing","category-texas-regional-infrastructure-security-conference-2009"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-3w","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=218"}],"version-history":[{"count":3,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/218\/revisions"}],"predecessor-version":[{"id":221,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/218\/revisions\/221"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}