It has been absolutely ages since I have written a blog post – genuinely I really havent simply been slacking off, i’ve just been busy! Anyway, figured it was time to do a writeup on some stuff I have been working on. (Please note this is almost the exact same post from the Paterva blog).
Predominately I want to show you some of the work we had to do for Blackhat 2013 – my first BH talk ever! My section of the work was what we ended up calling ‘KingPhisher’ as well as the multi-threaded Python script to crawl websites for some parts of ‘Teeth’ (Roelof’s offensive Maltego transforms).
A common Paterva office treat is that if you make a mistake or if the other person can catch you out at anything you have to make tea (the amount of times I make tea is inversely proportional to how long I have been at Paterva!). This included phishing. Many years ago we would try trick each other into clicking on links. Most security people will agree with us when we say that if you have enough context on a person you can craft an email and include a link on which they *will* click. Additionally we have used Maltego to gain context on people for a while, specifically using social networks (including transforms provided commercially via the SocialNet package). We also accept that there are certain types of mail we seldomly check (in terms of headers/other), we have been semi-programmed by automatic spam filtering and anti-virus to notify us if something is bad. Bottom line — we don’t inspect every link on every mail and we doubt if you do too.
So with this in mind we decided to integrate the two sides – 1) targeted phishing attacks and 2) information gathering in Maltego.
Not the quickest of cats
on the best of days.