Oh My Phish!
12-09, 11:50–12:35 (Europe/London), Track 3

Phishing remains one of the most effective attack vectors in the cybersecurity landscape. This talk sheds light on the comprehensive setup and intricacies of orchestrating a phishing campaign, dissected into distinct phases: Reconnaissance, Planning, Building, Pre-Execution, and Post-Execution. By diving deep into the attacker's mindset and methodology, participants will gain insights into how a successful phishing campaign is carried out.


Phishing is not merely sending deceptive emails; it's an art that requires meticulous planning and execution. This presentation will guide participants through the journey of a phishing campaign, emphasising each phase:

  1. Reconnaissance
    - Dive deep into the intelligence gathering of how an attacker decodes an organisation's digital footprint.
    - This includes finding vital domains and subdomains, identifying third-party services in use, and pinpointing employees' email addresses and titles.
    - Real-world examples will demonstrate how even this information can be pieced together to form a potential attack vector.

  2. Planning
    - Move beyond mere data gathering and into the meticulous construction of a story: the pre-text.
    - Delve into the art of designing these narratives tailored to the target organisation's specific usage, drawing inspiration directly from the reconnaissance phase.
    - Discussion on how attackers gauge which pretext will be most effective based on an organisation's operations and culture.

  3. Building
    - Explore the nuances of constructing a flexible and robust infrastructure, versatile enough to capture credentials and facilitate code execution.
    - A walkthrough within cloud infrastructure will give participants a view of this stage, shedding light on the ideal cloud-specific tools and configurations for phishing endeavours.
    - Discussion on how to get around modern defences in place.

  4. Pre-Execution
    - Emphasise the significance of trial runs, which can spell the difference between success and failure.
    - Delve into metrics that offer insights into the viability of the planned attack: are emails delivered as intended? Do they pique the recipient's interest?
    - Explore techniques to sidestep potential pitfalls, such as prematurely flagged domains or IP addresses.

  5. Post-Execution
    - Discover what techniques have historically been most effective, and the lessons learned from failed attempts.
    - Emphasise the iterative nature of phishing campaigns, and how constant feedback and adaptation are pivotal to an attacker’s success.

Dhruv is an experienced cybersecurity professional with a key interest in leading & delivering Adversarial Attack (Red/Purple Team) simulations. He formerly established & served as the Head of the Red Team at Resillion and is about to start as the Head of Adversarial Simulations for a UK Bank.

Over the last few years, Dhruv’s core focus has been on developing the red team capability at Resillion, while focusing on testing less common environments such as macOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. Dhruv possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. Dhruv’s role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.

Theram is a red teamer at Resillion, a global cybersecurity firm, where he has orchestrated and executed a wide array of red and purple team operations. In his role, Theram specialises in crafting sophisticated phishing campaigns to target small-medium sized businesses and mature organisations alike, across industries ranging from banking and finance, to legal and healthcare. Eager to push boundaries, Theram has lately delved into researching initial access techniques, with a spotlight on mastering the intricacies of phishing. Amongst other industry certifications, Theram currently holds the OSEP, OSCP and CRTO.