One of the most important security considerations you can learn, and you can teach your family, your co-workers, your friends, is how to spot and stop phishing. So we're going to see how a spear phishing email works from beginning to end and see why so many people, as many as 23 percent of people, click through spear phishing or even regular phishing emails. They're not like they were in the old days where all the emails were poorly written and misspelled. Nowadays, we see much more sophisticated attacks, and that's what we're going to build. We're going to build a spear phishing attack using Kali Linux.

So first of all, let's take a look at how we might start a spear phishing email. We start with a real email from Facebook or a real notification from Twitter, a real email from your bank, a real email from, you get the picture, any place that has the username and the password on the same page. I'll demonstrate that with Facebook. When you go to Facebook, you see that the username and the password are both on the same page together. That's going to be pretty important because we'll need to capture both the username and the password for a phishing attempt to work.

If you're doing this at work, you want to pick a page that you think your employees will visit so that if they fall for this phishing attempt from you as a security person, you will be able to do a little bit of training with them and teach them how to spot phishing attempts. You could also use a bank Web site. I just picked a random bank here. This username and password, both together on the front page, are one indication that this could be used as a potential phishing attack site. The important thing is that we use a real Web site when we're crafting a spear phishing campaign.

So I'm going to use Facebook. That just happens to be a quick, easy one. And then we will make use of a real Facebook notification, an email sent to me in this case, with all the names changed, of course, so that we can see how to craft a spear phishing email using Kali and the Social Engineer Toolkit. What are we going to need, two victims, for this to work? Well, to do the full demonstration. So we're going to open up VirtualBox. And before we open our Kali and our Windows computers, I'm going to change the network on both to the public 10.9 NAT address. So the public network. So my Kali Linux, I'll go to that network, public NAT, and hit OK. Remember this is our 10.9 network, and the same for the Windows 10 computer. I want both of these on a public network because they'll need to see out to Facebook or Twitter or to your bank website to be able to make this phishing attack work. So I will choose the NAT Network and I'm going to choose public, that is our network public NAT, because we'll need both of these computers to see out to the public web so that we can simulate a real phishing attack like it happens in real life.

Once you have both machines connected to the public network, let's start both Kali and Windows 10. Once you have both your Kali and your Windows 10 computers open, let's go ahead and make Kali full screen. And in Kali, we're going to open the Social Engineer Toolkit. This is under Applications. And on this current version of Kali Linux 2.0, it is under number 13, Social Engineering Tools. And you notice that there are tons of menus, tons of attacks, tons of tools on the Kali menus. Take your time to click through each one of these and get to know each one a little bit. We can only cover so much in an online course. We might do an advanced course if some folks are interested, but come to the Social Engineer Toolkit, or SET. When the Social Engineer Toolkit loads, you'll be able to agree to the terms of service.

And then you'll see we have a menu of tools. This is going to be a command line driven application, but it's going to be very powerful. It's going to allow us to gather someone's username and password from a popular bank or social media or any other website by cloning that site. Just like we saw the Facebook Web page, we're going to be able to create an exact duplicate of that page, and we'll see how to do it in the next lesson.