MetaPhish

DEF CON 17

Presented by: Pratap Prabhu, Yingbo Song, Salvatore. J. Stolfo
Date: Saturday August 01, 2009
Time: 14:00 - 15:50
Location: Track 2
Track: Track 2

Attackers have been increasingly using the web and client side attacks in order to steal information from victims. The remote exploit paradigm is shifting from the open port to the browser and email client. Penetration testers need to take these techniques into account in order to provide realistic tests.

In the past several years there have been numerous presentations on techniques for specific client side attacks and vulnerabilities. This talk will focus on building a phishing framework on top of Metasploit that pen testers can use to automate phishing and increase their overall capabilities. We will also cover some techniques for SpearPhishing on pen tests, second stage backdoors, and extensive communication over TOR.

Val Smith

<strong>Val Smith</strong> has been involved in the computer security community and industry for over ten years. He currently works as a professional security researcher on a variety of problems in the security community. He specializes in penetration testing, reverse engineering and malware research. He works on the Metasploit Project as well as other vulnerability development efforts. Most recently Valsmith founded Attack Research which is devoted to deep understanding of the mechanics of computer attack. Previously Valsmith founded a public, open source malware research project.

Colin Ames

Colin Ames is a security researcher with Attack Research LLC where he consults for both the private and public sectors. He's currently focused on Pen testing, Exploit Development, Reverse Engineering, and Malware Analysis.

David Kerb

<strong>David Kerb</strong> has worked in the computer security arena for the past ten years. He has specialized in Reverse Engineering, Malware research, and penetration testing. During the past ten years he has worked with various places including Offensive Computing, a Malware Research Company. He is currently helping found Attack Research which is set up to help understand the internals of attacks. Dave Kerb has focused on *nix systems and enjoys figuring out how to abuse various trust relations between *nix systems.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats