1 hour 30 minutes
Hi. Welcome to Cybrary's course, Phishing: Crafting the Perfect Email. I will be your host instructor. My name is Dustin Perry. We're gonna hop right into it.
So let's start off with a little bit about me. Um, first off, if you have any questions, concerns or feedback on the course, feel free to reach out to me on Twitter at @Perry_Dustin.
I currently work as a network security engineer. I've been doing that for a couple years now.
I've got over 10 years in IT, and security, like I said, for about the last two years.
So I recently graduated with my bachelor's in IT Security from Western Governors University. When I was there, I got a ton of certifications. Definitely a great program. Um,
the basic CompTIA certs: A+, Net+, Security+, Project+ and Linux+, and a couple of security, Cisco security, certs as well.
Some CIW stuff, some Linux stuff. Also, I met the requirements of the INFOSEC 4011
this year. I do plan on working on my OSEP and CEH, and hopefully get some courses up for those as well.
So, learning objectives for this course: we're gonna learn what phishing is and why it works.
We're gonna learn what recon is and how social engineers use that to craft phishing emails.
We're gonna learn some other techniques that social engineers use to craft these perfect phishing emails.
And we're also gonna learn how we can protect ourselves, our users and organization against phishing emails.
Just a couple prerequisites for this course: you will need a basic understanding of social engineering and phishing.
Hopefully you're a little bit familiar with Kali Linux and the Linux command-line interface. There are a couple labs, pretty easy to follow along, though. Um, you also need a Kali Linux VM or hard box.
So why should you take this course? Being able to recognize phishing emails is pretty much a necessity nowadays, both in your career and your personal life. You don't want to fall for a scam and lose out on money or something much worse.
If you are looking for a career in cyber security, red or blue team, you really need to know what phishing is and how it works. Um,
right now, the craze is definitely the red teaming, being a pen tester. There's a lot of competition for these jobs. If you know how to write a really good phishing email, it might set you ahead.
A couple supplemental materials that I recommend for this course. On my blog, Journey in the Brain,
I've got a couple of phishing articles. This one specifically is "Can Training Prevent It" and goes over how we can train our users to recognize phishing emails and other ways we can help prevent them.
Ah, a couple of books as well. The first one, The Art of Deception by Kevin Mitnick. In this book, he tells real-life stories of actual social engineering attacks that he's done and some other attacks that he's verified.
And then Phishing Dark Waters by Christopher Hadnagy. He runs social engineering dot com. He's been on several podcasts, got a newsletter, and he also runs the Social Engineering Capture the Flag at DEF CON every year.
Um, this book goes over both the offensive and defensive side of phishing emails.
And every year I recommend reading the Verizon DBIR. It goes over a lot of the current attacks and trends that they're seeing across the world.
So let's go ahead and jump right in. What is phishing?
Phishing is a type of social engineering, and it uses an email in order to trick a user to click a link, download an attachment or share information that normally wouldn't be shared.
So why does phishing work?
Phishing continues to work because it's in human nature to want to help someone,
and a good social engineer can be really, really good at exploiting that weakness.
So how do they craft these perfect phishing emails? The first, and probably the most important, is recon.
A good social engineer is going to spend a lot of time doing recon on your organization.
They want to educate themselves and know your company or organization, and the people that work there, better than you.
So there's a few common phishing tricks that most social engineers will use. The first one is spoofing the sender, either the alias or the email address.
Next one, spoofing website URLs. This is pretty common. For example, if they wanted to spoof Wikipedia, they might use two v's instead of a w.
So in your URL bar, it looks like Wikipedia, but it is really a different domain.
Now, cloning websites is really, really easy to do. Almost anyone could do it with just a couple clicks,
and they're gonna use human psychology against us.
Quick summary of our introduction lesson here. So phishing is a type of social engineering that uses email specifically to trick users into doing something they normally wouldn't.
And it still works because it's human nature to want to help.
Social engineers are gonna use recon to learn about your organization.
We're gonna end with a quick quiz here.
First question. What is phishing?
That's right. Phishing is a type of social engineering attack, and it uses email in order to trick a user to click a link, download an attachment or share information that normally wouldn't be shared.
So what are some common tricks used by phishing emails?
A couple things they like to do: spoof the sender, clone websites,
spoof website URLs, and they'll use psychology against us.
What is recon?
Yeah, so it's usually the first phase of an attack, when an attacker gathers information about a target and attempts to identify weak points.
So in this course, we've got a lot of things coming up. Um, the next section is gonna be on recon, specifically what it is
and how we can use it.
And then we're gonna have some Kali Linux labs on tools that we can use for recon.
You've got to get all your information organized, otherwise you're not gonna be able to perform a very good attack.
And really, if you can't automate your attack, it's probably not gonna be successful or is gonna take you a lot more time than it should.
And then we're gonna go over a couple things
that we can do to recognize and stop phishing.