Date
September 28 - September 30, 2023
Presenters
Manager
OSCP, GWAPT, GCPN
Description
Location: Austin, Texas
Joe will be speaking on the topic of The Whimsical World of Business Email Compromise.
The latest statistics are in: A business email compromise costs an organization, on average, $1.03 million for the costliest attacks, and the price is only growing.
While multi-factor authentication (MFA), stronger password requirements, automated password protection tools, increased security awareness, and other factors have increased our ability to protect businesses, the arms race between the proverbial “red” vs “blue” team is ever evolving. These controls take a huge amount of attack surface off the field, but bad actors are constantly researching and employing novel ways to circumnavigate these defenses.
Come and learn about these new approaches that both we as security testers, and the real bad guys, are using to breach organizations and invade their privacy.
Learning Objectives:
- Why MFA is not a set and forget control
- Why your email security solution is not a set and forget control
- Why your MS Teams configuration is not secure by default
- How Microsoft exposes insecure features when you setup your Azure/M365 tenant
- How OneNote malware is the new Office Macro attack
- The lesser known “dual use” products that Microsoft 365 exposes for attackers to use against you
- How a successful phishing attack is often only a phone call away
- How to protect you organization from these vulnerabilities
- Much more!
