OpSec on the High Seas: A Gophish Adventure null Bangalore Meet 15 February 2025 NULL / OWASP Bangalore Combined
Abstract
Phishing happens to be one of the top initial access vectors during red team/pentest engagements. Gophish is one of the most used tools by the operators, however, domains get burned due to OpSec mistakes and at times even trigger alert in the client's environment.
During this talk, I'll be going through some IoCs that are present in the Gophish source code and tips for avoiding detection. While this talk is focused on red team aspect, defenders will also get to know the IoCs and can fine-tune their defenses accordingly.
Please note, that no actual phishing will be demonstrated, neither will any phishing templates will be shared.
Speaker
Timing
Starts at Saturday February 15 2025, 11:50 AM. The sessions runs for about 1 hour.