Adversary Village

Sanne Maasakkers

Security Expert, Fox-IT

Sanne Maasakkers works as a security expert in the Red Team and Strategic Threat Intelligence team at Fox-IT in the Netherlands. Next to her focus on pentesting and threat analysis (which was recently demonstrated by ‘being’ the attacking APT during the biggest Dutch cyber crisis exercise), she loves to perform social engineering attacks and has a strong expertise on getting initial access by using this technique. In addition to her work, she contributes to "a more secure society" by providing awareness training, guest lectures and hack demos in both professional and educational environments and as team captain of the European team during the International Cyber Security Challenge (ICSC).

Talk: Phish Like An APT

Have you ever wondered what phishing strategy real world APTs use? And how these compare with the scenarios that you use during your Red Team / social engineering activities? If you did, you probably found out that there's a lot of research about APT techniques, tactics and procedures, like the use of specific malware or attack vectors, but there are not many public resources on which techniques those attackers actually use to convince a non-suspecting person to aid them in their operation. In this talk an analysis is presented of hundreds of phishing emails that were used in real campaigns. All characteristics of an email, like the method of influence, tone of speech and used technologies are classified and measures how well a phishing campaign is designed, scoring from “obvious spam” to “near-realistic original mail”. By comparing and measuring the state of these phishing emails,we can learn more about how certain groups operate and how much “effort” they put into their scenarios. This is important knowledge for both attackers and defenders. If you want to know how to phish like you’re an APT, then this talk is for you. Spoiler alert: you might already be a better phisher than these groups.

Recorded Live 📼