How responding to phishing has changed in the last five years

Summary:

Kyle Andrus is a seasoned incident responder for a top 500 company. He’s a regular on the podcast when I need to talk incident response and specifically phishing. I last had him on over five years ago to talk about building a malicious link clicker which I used quite a bit in my day-to-day job. Fast forward several years and things have changed significantly.

A lot of the things we used to do no longer make sense because tooling has become much better in the enterprise. A lot of security professionals operate there to respond to phishing emails. While our lives are a little easier, that has led to a new set of threats that the security community hasn’t quite gotten their hands wrapped around. Finally, we go over how AI is going to impact phishing. I’m sure that will be a question for many more podcasts.

Episode Highlights:

  • How has phishing response changed?

  • How we respond to phishing emails

  • The mobile device blind spot

  • What’s new in phishing techniques

  • How AI is going to impact phishing

Guest Information:

Kyle Andrus

#MISEC

Resources and Mentions:

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


What is Emotet?

In this inaugural stream of the Exploring Information Security podcast, Daniel Ebbutt and Kyle Andrus join me to talk about Emotet.

Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are the two guys I go to for clicking on suspicious links. Recently, I’ve been seeing more Emotet. So, I wanted to have the guys on to talk about the malware that is making a comeback.

The CFP is open for Converge Conference. The conference is May 16 and 17. They’ll have one day for blue team topics and one day for red team topics. Make sure to submit your malware-related talk topics. Also make sure to check out MiSec if you’re in Michigan.

In this episode we discuss:

  • How is Emotet being constructed

  • What are some of the indicators of Emotet?

  • How Emotet is being mitigated

  • What does Emotet do?

What's happening at Converge and Detroit BSides?

In this pile of an episode for the Exploring Information Security podcast, Johnny Xmas (@J0hnnyXm4s), Kate Vajda (@vajkat), Rachel Andrus, Kyle Andrus (@chaoticflaws), Daniel (not going to try spelling last name), Amanda Ebbutt, Daniel Ebbutt (@notdanielebbutt), Chris Maddalena (@cmaddalena), and myself get together to record a podcast during Converge and BSides Detroit.

It's another podcast special! This one was at Converge and BSides Detroit. This one took a little bit to get going. When we did, we got into a little bit of everything. Topics both in infosec and topics outside of infosec.

In this episode we discuss:

  • Everyone tries Malort

  • The "breach" at Twitter

  • One size doesn't fit all for the populace

  • Real world issues (net neutrality, income, and public service)

How to build a malicious link clicker

In this clicking on that link episode of the Exploring Information Security podcast, Daniel Ebbutt and Kyle Andrus join me to discuss how to build a machine that is used to click on malicious links.

Daniel (@notdanielebbutt) and Kyle (@chaoticflaws) are two of the people I go to when I need to have a better understanding of what a malicious link does. Their passion for clicking on links is out of this world. They also provide some really good insights into the work of clicking on links most people shouldn't. I asked if they'd be willing to walk me through building out a machine that could help me do what they do. They kindly obliged and thus another open mic podcast is born.

In this episode we discuss:

  • How to click on a malicious link

  • What we can learn from clicking on a malicious link

  • What the best setup is for clicking on a malicious link

  • What to do with that information

What is Converge and BSides Detroit?

In this Motor City edition of the Exploring Information Security podcast, Ryan Harp, Kyle Andrus, and Kate Vajda join me to discuss the conferences Converge and BSides Detroit.

Ryan (@th3b00st), Kyle (@chaoticflaws), and Kate (@vajkat) help put on one of the best conferences. Last year was my first year at the conference. I was not disappointed. They had a workshop on application security; a room set aside to get resume feedback; Ham radio exams; and much more. They also had three days of wonderful talks with some really great speakers. At lunch there are multiple treks to go grab a coney dog.

The call for papers is currently open. They're looking for speakers and to add more workshops this year. Tickets are also available now. Make sure to grab yours and I'll see you at Converge and BSides Detroit May 10-12.

In this episode we discuss:

  • How the conference got started.

  • Where the conference is at and what's new this year for the layout.

  • What's unique about the conference.

  • Coney dogs.

What are memory forensics?

In this investigative episode of the Exploring Information Security podcast, Kyle Andrus joins me to discuss memory forensics.

Kyle (@chaoticflaws) is someone I've started to get to know this year. He's an organizer of Converge and BSides Detroit. He's also an organizer for MiSec. Talking with him I noticed a strong interest in memory forensics. This allowed us to geek out a bit on the topic considering I have experience with performing memory forensics as part of incident response. It was one of the more interesting things I've done in security.

In this episode we discuss:

  • How Kyle got into memory forensics
  • What tools are available to perform memory forensics
  • Why memory forensics are useful to an organization
  • What skills are needed for memory forensics

What does Chris Maddalena, Kyle Andrus, and Daniel Ebbutt think about security at DEFCON?

In this crazy edition of the Exploring Information Security podcast, I am joined by Chris Maddalena, Kyle Andrus, and Daniel Ebbutt for another conference podcast special. This time it's DEFCON 25.

Chris (@cmaddalena), Kyle (@chaoticflaws), and Daniel (@notdanielebbutt) join me at DEFCON to discuss various topics ranging from conferences like DEFCON, Blackhat, and BSides Las Vegas to bird feeders. We read a couple passages from the POC||GTFO bible available from No Starch Press.

In this episode we discuss:

  • The death of LineCon
  • Blackhat swag
  • BSides Las Vegas
  • Converge and BSides Detroit
  • Saying yes and knowing when to say no
  • Report writing
  • Macros
  • Bird feeders