Phishing attacks are nothing new or unusual, and yet the menace they pose is often overlooked in lieu of flashier malware, APTs, and 0-day exploits. This talk will discuss the state of modern phishing, delving into the economy of phishing. It will detail the roles within this economy and why it presents such a risk to organizations. Using RPG-style stat cards to highlight author strengths and weaknesses, we will then present our research on three phishing kit authors, break down their offerings, and discuss what it takes to run a successful phishing kit empire.
Zack Allen (@teachemtechy) is both a security researcher and the director of threat intelligence at ZeroFOX. Previously, he worked in threat research for the US Air Force and Fastly. Outside of his professional life, Zack volunteers for security competitions such as CCDC and ISTS and practices Brazilian jiu-jitsu.
Ashlee Benge (@ashtr0nautt) is an astrophysicist turned security researcher. In her current role, she researches emerging threats for ZeroFOX. Prior to joining ZeroFOX, Ashlee worked in threat hunting, outreach, and detection analysis roles at Cisco Talos. Outside of infosec she is also a competitive CrossFit athlete and dabbles in stained glass work.