Ichthyology: Phishing as a Science


SLIDE 1

Ichthyology: Phishing as a Science

@tetrakazi

SLIDE 2
SLIDE 3

Let's talk.

SLIDE 4

Dear Sir,

I would like to offer you a large sum of money...

SLIDE 5

System 1      System 2
Fast          Slow
Instinctive   Methodical
Emotional     Rational
Gullible      Skeptical

SLIDE 6

Information Overload

SLIDE 7

💱

🔒

Action

Exploit

Credential

👿

SLIDE 8

Hook Phishing site Trail out

SLIDE 9
SLIDE 10
SLIDE 11
SLIDE 12
SLIDE 13

Plaintext or HTML

SLIDE 14
SLIDE 15
SLIDE 16

📲

2FA

SLIDE 17

Science

SLIDE 18
SLIDE 19
SLIDE 20

What now?

🤸

SLIDE 21

Authentication Factors

Have Know Are

SLIDE 22

Client certificates

SLIDE 23
SLIDE 24

U2F

SLIDE 25

Single Sign On

SLIDE 26

💏

Panacea?

SLIDE 27
SLIDE 28
SLIDE 29
SLIDE 30

  • Forbidding phishing in red team exercises is sticking your head in the sand.

  • Phishing training is ineffective, because you're likely to fall for phishing emails too.

  • But there are technical solutions that prevent or mitigate many types of phishing - use them!

So, phishing?

SLIDE 31

Questions!

@tetrakazi
 karla@stripe.com