Description: Many companies view phishing as a given: employees will click links and enter credentials, and we just need to be okay with that. Phishing prevention usually takes the form of training, and a warning to be careful when reading email. But does phishing training actually work? In this talk, we'll cover the psychology behind successful phishing campaigns, then walk through a series of attacks run against a Bay Area tech company. We'll cover how effective campaigns were built, including bypassing existing protections. Finally, we'll discuss evidence-based techniques to prevent, rather than just mitigate, credential phishing.
Karla has a varied offensive security background: she's reverse engineered train ticketing systems, written articles on TLS and SSH, and competed in the Defcon CTF finals for the last several years running. She officially works on authentication and application security at Stripe, but builds internal phishing campaigns when she has business hours to spare. She's triggered many bouts of internal paranoia, and has built a reputation as being entirely untrustworthy when it comes to email.
For More information Please Visit:- http://circlecitycon.com/
http://www.irongeek.com/i.php?page=videos/circlecitycon2017/mainlist
Tags:
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.