AppSec USA 2017 has ended
Friday, September 22 • 3:30pm - 4:15pm
Beyond Takeover – Attacker’s in. Now what?


We have been conducting ongoing research on the dynamics of credential theft. Our intent was to learn how accounts are taken over once credentials are compromised through a phishing campaign. It is a "victim's POV" approach to phishing research that has not been taken to date.

In our "beyond takeover" research, we maintained 57 fake identities over a period of 6 months on platforms well known as phishing targets, such as Google and Facebook. We invited attackers in by submitting the credentials of these accounts to selected phishing campaigns, and traced the attackers' activity in the accounts.

In this session, we will share our findings from this research. We will present takeover stories and some statistics that answer interesting questions. After falling into a phishing trap and giving one's password to a fake site, how long does it take until someone actually gets into the account for the first time? What does the attacker look for in the hacked account? Where do they look first, and which decoys attract their attention? Which security practices do attackers use when sniffing out a hacked account (hiding their geo-location or covering their tr

Itsik Mantin

Lead Scientist, Imperva
In the last 20 years I have researched and innovated in various cyber-security domains, including web application security, advanced persistent threats, DRM systems, automotive systems and more. While thinking as an attacker is my second nature, my first nature is problem solving...

Friday September 22, 2017 3:30pm - 4:15pm EDT
Coronado K