- The document discusses hacking a specific organization by targeting its employees and infrastructure vulnerabilities. It proposes using social engineering techniques like phishing and exploiting recent vulnerabilities in CMS systems. It also lists potential attack vectors like open ports, default passwords, and outdated software. The document then discusses monitoring certificate transparency logs and integrating them with Slack to detect phishing domains in real-time. It provides a GitHub link for a demo Python project to catch phishing campaigns using the CertStream API.

1. - Santhosh Baswa
Defend Before
!1
On your Organization
Attack

2. • I’m still a script kiddie maybe ?
• Working for Sophos.
• CTF player *Occasionally*
Who Am I
!2

3. “Do you think Phishing/Social Engineering is Major Threat ???”
!3
*** Share Your Thoughts***

4. Yes/No

5. “How to target on specific Organization ??? ”
!5
***Any IDEA***

6. “What is the target ?”
• Target Organization
• Employee data *LinkedIn*
• Generate pattern emails
• Organization Architecture
“Let’s start compromise.”
• Take few recent vulns *Web*
• Maybe CMS (Drupal/WP)
• Automate Compromise
• Generate Payloads ;)
“Maybe Hacked ..!!!! ”
• Target Sales/Admin Teams
• If success || fail ??
• Grab the active users.
• Malicious doc/html/js/jar
execution.
• C2C / Backdoor (maybe)
PREPARE Let’s Start target a specific Organization
(Red Teamers/Hackers/Hacktivists)
!6

7. • On-prime/Cloud
• S3 Buckets
• Open Ports
• Mis(s)-configuration
• Default Passwords
!7
• WordPress/Drupal CMS
• Vulnerable Web Apps
• Internal Apps
• Endpoint Updates
• Lack of Knowledge
• Psychology
Attacking Vectors
Infrastructure > Third party > Employees
1 2 3

8. ***Any IDEAS on Defense***
Success / Failure
!
Start
Discussion

9. Get back to Phishing / Social Engineering Defense ..!!!!
!9
*** Employee Training / Awareness ***

10. Still Do You Have Any Defense Strategies ??
FA
CT

11. ** Just Imagine **
You can
Yes !!!
If You can Detect Before **** Attack

12. Big Yesssssssssss ….!!!!
!12
• Anyone Know about Certificate Transparency Logs ??
• Monitoring CTL Logs ????
• Do you think Is It Possible ??

13. Cert Stream
*Open-source*
Project
• Google CT Team ( 13 Resources )
• Web Page: https://certstream.calidog.io/
• Free API Access – Python & others.

14. Security Alerts
Python + Slack
Integration
Requirements :
• Linux VM
• Python (pip install certstream)
• Slack API Access

15. Project Execution - Output
!15
• Modify domains.py ( Domains List)
• Slack API + Execute ( catch_phish.py)
• Phishing Campaign Domains.

16. Let’s Start !!!!!!
Demo
Github: https://github.com/P3t3rp4rk3r/phishdomain_slack

17. “
!17
— P3t3rp4rk3r
Any Questions ???