BSidesATL 2018 – Current State of Phishing – Old Bait, New Tackle Box (Nick Powers and David Tulis)
iSpeech
Phishing has changed dramatically over the past several years and the methods used are constantly built upon, leveraging the work of those before us. As long as the transmission of messages from one computer to another has existed, phishing has not been far behind. As far back as phishing for AOL credentials to access to dial-up internet in the 1990s, along with the viral LOVEBUG script shortly thereafter, people have been tricked into divulging information or performing actions of which they do not fully understand the overall potential impact. As network perimeters become harder to penetrate, attackers are increasingly relying on phishing breach the perimeter.
Nick Powers (OSCP, B.S. Computer Science) has two years of security consulting experience, since receiving his Bachelors of Computer Science degree in May of 2016. His previous experience includes compliance focused security audits within the scope of PCI, HIPAA, and other governance ordinances. He has also worked as an analyst in a Security Operations Center (SOC) performing tasks such as writing IPS signatures for new vulnerabilities, investigating incidents, and interacting with multiple SIEM solutions. Nick currently performs offensive security related engagements at Rapid7.
David Tulis is a senior consultant for Protiviti out of Philadelphia, where he has worked for 2 years. Day to day tasks involve writing reports, with a little bit of penetration testing and social engineering in between. David’s expertise includes managing pentesting infrastructure, active directory, and PowerShell. He enjoys spending his time learning new and cool tricks to use on penetration tests. He’s previously worked as a .NET developer and as a Linux sysadmin.
source
Gloss