DEF CON 29 Adversary Village - Sanne Maasakkers - Phish Like An APT

Have you ever wondered what phishing strategy real world APTs use? And how these compare with the scenarios that you use during your Red Team / social engineering activities? If you did, you probably found out that there's a lot of research about APT techniques, tactics and procedures, like the use of specific malware or attack vectors, but there are not many public resources on which techniques those attackers actually use to convince a non-suspecting person to aid them in their operation. In this talk an analysis is presented of hundreds of phishing emails that were used in real campaigns. All characteristics of an email, like the method of influence, tone of speech and used technologies are classified and measures how well a phishing campaign is designed, scoring from “obvious spam” to “near-realistic original mail”. By comparing and measuring the state of these phishing emails,we can learn more about how certain groups operate and how much “effort” they put into their scenarios. This is important knowledge for both attackers and defenders. If you want to know how to phish like you’re an APT, then this talk is for you. Spoiler alert: you might already be a better phisher than these groups.