Understand phishing and create your own campaign

Erik Vetle Larsen

Short workshop - in English

Everyone has received a spam or phishing mail before, but have you ever wondered how the mechanics behind a phishing campaign works? When can you consider your account compromised, from clicking a link or submitting your credentials?

In this workshop we start off by quickly talking about the motivations behind phishing and how an effective scam is created, applying elements from psychology and social engineering.  Afterwards we take what we have learned and start designing our own simple phishing scam, from credential harvesting web page to sneaky phishing mails

After this workshop you will know the basic set of tools and techniques attackers use when phishing us, and that will better equip us in learning how to defend against them.

Primarily for: Developers, Architects, Security professionals, Others

Participant requirements: A Kali Linux VM has everything you will need. Outside that, a computer with either Linux/Mac and Python installed, or Windows with a Linux subsystem (preferably Ubuntu) and Python. Alternatively most Linux VM's will work. Preferably install and check that SET runs properly: https://github.com/trustedsec/social-engineer-toolkit