Skip to main content

Posts

Featured

Phishing for Shells: Reducing the Attack Surface (Conference talk slides)

As seen at GR-ISSA's monthly meetup and Merit's Security Summit, below are the slides for my talk Phishing for Shells: Reducing the Attack Surface.
I really enjoyed making and presenting on this topic. While some of the blue team remediation options might seem hard to implement, they are definitely worth exploring. They might not be the best remediation options, either. If you use something else to block attacks discussed within this talk, please comment below with your thoughts! 
Talk Abstract:  DDEs, HTAs, Macros, Windows is plagued with different ways to execute code through attachments and Microsoft 'features'. This talk dives into different techniques used from a red team perspective to execute command and control payloads through phishing campaigns, all while bypassing the latest 'Next-Gen AV' solutions. Then, with an understanding of the techniques, we will discuss how organizations can reduce their overall phishing attack surface through smart configura…

Latest Posts

A Convoluted Phishing Payload to Circumvent Common Protections

We're Moving! (Site Under Construction)

GrrCon 2017 Presentation - Easy Ways to Make My Job Harder

Telerik RadAsyncUpload Arbitrary File Upload