This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, May 11 • 10:05 - 10:50
Phishing your way through Two-Factor Authentication

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
If you do Phishing attacks on a regular basis, you will end up using aframework or scripts to automate some of the tedious parts. You haveyour preferred web stack for phishing pages, your custom SMTP deliverysystem (with SPF/DKIM enabled AND good reputation – of course), yourcustom payloads, and you need to maintain all of that while evolvingit at the same time. PhishLulz is an open source bundle of PhishingFrenzy, BeEF and othercustom tools tailored to the fisherman. Multiple real-life engagementsdone with PhishLulz will be discussed, including automatedfunctionality to concurrently grep and extrude content from OWA andOutlook 365 webmails using different credentials. You will alsodiscover how Two-Factor Authentication is effective mostly via‘security by obscurity’, as in when the attacker has zero knowledgeabout the presence and implementation of the 2FA solution. Byfingerprinting in advance the 2FA solution, and having ready phishingtemplates to steal the second factor tokens, you will see how trivialbypassing 2FA can become. Expect demos on real applications protected by 2FA viaSMS/Hardware/Software-based tokens (Opsec here until you come to thetalk :-).

avatar for Michele Orrú

Michele Orrú

Antisnatchor is the lead core developer and smart-minds-recruiter forthe BeEF project. Michele is also the co-author of the “BrowserHacker’s Handbook”. He has a deep knowledge of programming in multiplelanguages and paradigms, and is excited to apply this knowledge whilereading and hacking code written by others. Michele loves lateralthinking, s/fishing/phishing/, black metal, and the communist utopia(however, there is no hope). He also enjoys speaking and drinking at amultitude of hacking conferences, including CONFidence, DeepSec,InsomniHack, Hacktivity, SecurityByte, AthCon, HackPra AllStars,ZeroNights, OWASP AppSec USA, 44Con, EUSecWest, Ruxcon, KiwiCon, PXE,BlackHat. Besides having a grim passion for hacking and programming,he enjoys leaving his Mac alone, while s/phishing/fishing/ in the seaand hoping for... Read More →

Thursday May 11, 2017 10:05 - 10:50
Waterfront Center: Room 3

Attendees (50)