Master Phishing: Writing a Phish That Won't Get You Busted (or, How To Bust Phishers) presented at Kiwicon 2012

by Alex Kirk,

Tags: Security

Summary : Phishing has been going on forever, but of late it\'s gone from 419 scams to exploit kits, while becoming more prevalent and (occasionally) more sophisticated in the process. This talk will break down, from an attacker\'s perspective:
* Getting your phish past Gmail, Yahoo, Hotmail, etc.: spam traps are for suckers
* How to make people more likely to click your phish
* Not getting busted by pesky web filters and IDS systems
* Picking a quality host for your payload
Live examples will be used to demonstrate points of phisher failure and general "doing it wrong and getting busted by network security pros" throughout. The audience will also be given a chance to poke fun at legitimate emails that look phishy, and thus help blur the line between "it\'s OK to click on everything I get in my inbox!" and "maybe I should be suspicious of this link randomly delivered to my email address." White hats throughout the room should take notice of subtly delivered, newly proposed logic for generic detection of phishing attacks.
P.S. Those curious about the proposed speaker\'s style are encouraged to read http://www.shitmylogssay.com/?p=10 for an example of him trolling a 419 scammer. Equivalent technically oritented lulz will be present throughout this talk.