Phishing: Going from Recon to Creds

DerbyCon V - Unity

Presented by: Adam Compton, Eric Gershman
Date: Friday September 25, 2015
Time: 19:00 - 19:50
Location: Track 1
Track: Break Me

This presentation will start by quickly exploring some of the common phishing attack tools and techniques. During the presentation, audience participation will be encouraged in the form of providing examples and personal experience in what phishing techniques people have used and what would be desirable to include in a phishing tool. Additionally, there will be a demo of a new tool which can assist penetration testers in quickly deploying phishing exercises in minimal time. The tool, when provided minimal input (such as just a domain name), can automatically search for potential targets, deploy multiple phishing websites, craft and send phishing emails to the targets, record the results, and generate a basic report. The tool can either work in a stand alone fashion or make use of external tools (such as theHarvester, BeEf, and Recon-NG) if available.

Adam Compton

Eric Gershman


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats