# BlueHat v17 || 10 Years of Targeted Credential Phishing **[slideshare.net/MSbluehat/10-years-of-targeted-credential-phishing-billy-leonard](https://www.slideshare.net/MSbluehat/10-years-of-targeted-credential-phishing-billy-leonard)** BlueHat Security Conference ## BlueHat v17 || 10 Years of Targeted Credential Phishing | Billy Leonard 1 Share ----- Next SlideShares Upcoming SlideShare BlueHat Seattle 2019 || The cake is a lie! Uncovering the secret world of mal... Loading in …3 × 1 of 54 1 of 54 ## BlueHat v17 || 10 Years of Targeted Credential Phishing | Billy Leonard 1 Share Download to read offline [Technology](https://www.slideshare.net/featured/category/technology) ----- While it s not kernel 0days or EMET bypasses, credential phishing has been a go-to in attackers toolboxes for many years, rising to prominence during the run up to the 2016 US Presidential Elections. Being able to access a target's email or files stored in the cloud without burning your prized 0day has proven to be too much for even the most advanced attackers to pass up. In this talk, we will look at how attackers have evolved and adapted their credential phishing operations over the past 10 years, from changes in delivery mechanisms to changes in persistence and exfiltration and how defenses have evolved during that same time. [BlueHat Security Conference](https://www.slideshare.net/MSbluehat?utm_campaign=profiletracking&utm_medium=sssite&utm_source=ssslideview) Follow While it's not kernel 0days or EMET bypasses, credential phishing has been a go-to in attackers toolboxes for many years, rising to prominence during the run up to the 2016 US Presidential Elections. Being able to access a target's email or files stored in the cloud without burning your prized 0day has proven to be too much for even the most advanced attackers to pass up. In this talk, we will look at how attackers have evolved and adapted their credential phishing operations over the past 10 years, from changes in delivery mechanisms to changes in persistence and exfiltration and how defenses have evolved during that same time. [Technology](https://www.slideshare.net/featured/category/technology) ## More Related Content ### Related Books Free with a 14 day trial from Scribd [See all](https://scribd.com/books) ----- So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer (3.5/5) Free Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos (4/5) Free From Gutenberg to Google: The History of Our Future Tom Wheeler (3.5/5) Free ----- SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman (5/5) Free The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis (4.5/5) Free Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns ----- (5/5) Free No Filter: The Inside Story of Instagram Sarah Frier (4.5/5) Free Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine (4/5) Free ----- Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein (4.5/5) Free Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin (4/5) Free Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder (4/5) Free ----- Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz (4.5/5) Free Understanding Media: The Extensions of Man Marshall McLuhan (4/5) Free The Art of War Sun Tsu (3/5) ----- Free Uncommon Carriers John McPhee (3.5/5) Free The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage (3.5/5) Free ### Related Audiobooks Free with a 14 day trial from Scribd [See all](https://scribd.com/audiobooks) ----- The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy (4.5/5) Free The Wires of War: Technology and the Global Struggle for Power Jacob Helberg (4/5) Free System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich (4.5/5) Free ----- After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle (4.5/5) Free Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna (4/5) Free Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen (4.5/5) Free Driven: The Race to Create the Autonomous Car Alex Davies (4.5/5) Free ----- Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle (5/5) Free Second Nature: Scenes from a World Remade Nathaniel Rich (5/5) Free Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier (4/5) Free ----- A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind (4.5/5) Free Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr (4.5/5) Free Blockchain: The Next Everything Stephen P. Williams (4/5) Free Uncanny Valley: A Memoir Anna Wiener (4/5) Free ----- User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang (4.5/5) Free Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich (4.5/5) Free ### BlueHat v17 || 10 Years of Targeted Credential Phishing | Billy Leonard 1. 1. Threat Analysis Group November 2017 - @billyleonard 10 Years of Targeted Credential Phishing [2. 2. Threat Analysis Group Billy Leonard Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-2-638.jpg?cb=1512783473) [3. 3. Threat Analysis Group But first, ….](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-3-638.jpg?cb=1512783473) [4. 4. Threat Analysis Group What we don't see in targeted phishing.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-4-638.jpg?cb=1512783473) [5. 5. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-5-638.jpg?cb=1512783473) [6. 6. Threat Analysis Group Targeted attacks are all really advanced.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-6-638.jpg?cb=1512783473) [7. 7. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-7-638.jpg?cb=1512783473) [8. 8. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-8-638.jpg?cb=1512783473) [9. 9. Threat Analysis Group The Early Days.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-9-638.jpg?cb=1512783473) [10. 10. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-10-638.jpg?cb=1512783473) [11. 11. Threat Analysis Group Source: https://productforums.google.com/forum/?](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-11-638.jpg?cb=1512783473) hl=en#!category-topic/gmail/reading-and-receiving-messages/EndXvDGLoe0 [12. 12. Threat Analysis Group Source:](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-12-638.jpg?cb=1512783473) http://contagiodump.blogspot.com/2011/02/targeted-attacks-against-personal.html ----- [13. 13. Threat Analysis Group Source:](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-13-638.jpg?cb=1512783473) http://contagiodump.blogspot.com/2011/02/targeted-attacks-against-personal.html [14. 14. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-14-638.jpg?cb=1512783473) [15. 15. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-15-638.jpg?cb=1512783473) [16. 16. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-16-638.jpg?cb=1512783473) [17. 17. Threat Analysis Group The Middle Ages.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-17-638.jpg?cb=1512783473) [18. 18. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-18-638.jpg?cb=1512783473) [19. 19. Threat Analysis Group Password Alert.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-19-638.jpg?cb=1512783473) [20. 20. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-20-638.jpg?cb=1512783473) [21. 21. Threat Analysis Group Two Factor Bypass.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-21-638.jpg?cb=1512783473) [22. 22. Threat Analysis Group Source: https://breakingdefense.com/2015/06/strike-back-](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-22-638.jpg?cb=1512783473) at-chinese-for-opm-hack-build-a-cyber-strategy/, http://www.seleniumhq.org/, http://phantomjs.org/ [23. 23. Threat Analysis Group SMS Interception.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-23-638.jpg?cb=1512783473) [24. 24. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-24-638.jpg?cb=1512783473) [25. 25. Threat Analysis Group Source: https://techcrunch.com/2016/07/25/nist-declares-](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-25-638.jpg?cb=1512783473) the-age-of-sms-based-2-factor-authentication-over/, https://www.wired.com/2016/06/hey-stop-using-texts-two-factor-authentication/, https://www.howtogeek.com/310418/why-you-shouldnt-use-sms-for-two-factorauthentication/ [26. 26. Threat Analysis Group Source:](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-26-638.jpg?cb=1512783473) https://www.fredericjacobs.com/blog/2016/01/14/sms-login/, https://www.fredericjacobs.com/blog/2016/04/30/more-on-sms-logins/ [27. 27. Threat Analysis Group Source:](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-27-638.jpg?cb=1512783473) https://www.fredericjacobs.com/blog/2016/04/30/more-on-sms-logins/ [28. 28. Threat Analysis Group Security Keys.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-28-638.jpg?cb=1512783473) [29. 29. Threat Analysis Group Source: https://www.yubico.com/products/yubikey-](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-29-638.jpg?cb=1512783473) hardware/fido-u2f-security-key/, https://www.ftsafe.com/products/FIDO/Multi [30. 30. Threat Analysis Group OAuth.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-30-638.jpg?cb=1512783473) [31. 31. Threat Analysis Group Source: https://msdn.microsoft.com/en-](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-31-638.jpg?cb=1512783473) us/office/office365/api/mail-rest-operations, https://developers.google.com/gmail/api/guides/ [32. 32. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-32-638.jpg?cb=1512783473) [33. 33. Threat Analysis Group Source: https://www.bankinfosecurity.com/attackers-](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-33-638.jpg?cb=1512783473) unleash-oauth-worm-via-google-docs-app-a-9888, https://qz.com/975002/dont-clickthe-google-docs-link-in-that-suspicious-email-you-probably-just-got/ [34. 34. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-34-638.jpg?cb=1512783473) [35. 35. Threat Analysis Group Present Day.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-35-638.jpg?cb=1512783473) [36. 36. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-36-638.jpg?cb=1512783473) [37. 37. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-37-638.jpg?cb=1512783473) [38. 38. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-38-638.jpg?cb=1512783473) ----- [39. 39. Threat Analysis Group Source: https://bitly.com/, https://ngrok.com/,](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-39-638.jpg?cb=1512783473) https://www.mailstore.com/en/products/mailstore-home/, https://takeout.google.com/ [40. 40. Threat Analysis Group Source: https://breakdev.org/evilginx-1-0-update-up-your-](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-40-638.jpg?cb=1512783473) game-in-2fa-phishing/ [41. 41. Threat Analysis Group Who else do we see targeted?](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-41-638.jpg?cb=1512783473) [42. 42. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-42-638.jpg?cb=1512783473) [43. 43. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-43-638.jpg?cb=1512783473) [44. 44. Threat Analysis Group More Recently.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-44-638.jpg?cb=1512783473) [45. 45. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-45-638.jpg?cb=1512783473) [46. 46. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-46-638.jpg?cb=1512783473) [47. 47. Threat Analysis Group Next Gen Password Alert](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-47-638.jpg?cb=1512783473) [48. 48. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-48-638.jpg?cb=1512783473) [49. 49. Threat Analysis Group Advanced Protection Program](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-49-638.jpg?cb=1512783473) [50. 50. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-50-638.jpg?cb=1512783473) [51. 51. Threat Analysis Group Old habits die hard.](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-51-638.jpg?cb=1512783473) [52. 52. Threat Analysis Group](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-52-638.jpg?cb=1512783473) [53. 53. Threat Analysis Group Lot's of thanks ... Threat Analysis Group Counter Abuse](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-53-638.jpg?cb=1512783473) Technologies Jigsaw SafeBrowsing Chrome MSTIC Yahoo/Apple/FB Intel Teams OGs … and a whole cast of characters that are Kind of a Big Deal. [54. 54. Threat Analysis Group Questions?](https://image.slidesharecdn.com/copyof10yearsoftargetedcredentialphishing-msftfinal-171209002251/95/bluehat-v17-10-years-of-targeted-credential-phishing-billy-leonard-54-638.jpg?cb=1512783473) ### 1 like Jessica Wilson Dec. 18, 2021 I like this service ⇒ www.HelpWriting.net ⇐ from Academic Writers. I don't have enough time write it by myself. ### Views Total views 763 On SlideShare 0 From Embeds 0 Number of Embeds ----- 36 ## You have now unlocked unlimited access to 20M+ documents! Unlimited Reading Learn faster and smarter from top experts Unlimited Downloading Download to take your learnings offline and on the go You also get free access to Scribd! Instant access to millions of ebooks, audiobooks, magazines, podcasts and more. Read and listen offline with any device. Free access to premium services like Tuneln, Mubi and more. [Discover More On Scribd](https://scribd.com/) **Public clipboards featuring this slide** No public clipboards found for this slide **Select another clipboard** × Looks like you’ve clipped this slide to already. Create a clipboard ### You just clipped your first slide! Clipping is a handy way to collect important slides you want to go back to later. Now customize the name of a clipboard to store your clips. Special Offer to SlideShare Readers ----- ## Just for you: FREE 60-day trial to the world s largest digital library. The SlideShare family just got bigger. Enjoy access to millions of ebooks, audiobooks, magazines, and more from Scribd. [Read free for 60 days](https://scribd.com/slideshare?utm_medium=cpc&utm_source=slideshare&utm_campaign=promo-exit-v1) Cancel anytime. -----