• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Student360
  • About
    • Secure360
    • UMSA
  • Secure360 2022
  • For Sponsors
  • For Speakers
  • Get Involved
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

Inside an Email Phishing Attack

This presentation will demonstrates the steps attackers take to design, develop, and deliver an email phishing attack. Additionally, it will demonstrate how attackers traverse an internal network once a successful attack has been delivered.

The presentation will start with reconnaissance and outline how attackers find information about a target organization using publicly available information. Next a real phishing email will be constructed from the information found in the first step. Real world techniques for sending phishing emails will be demonstrated live using virtual machines to simulate attacker and victim computers. Common malware delivery methods will be shown illustrating how attackers bypass firewall and antivirus solutions. Once a victim machine has been compromised, privilege escalation techniques will be demonstrated to show how attackers traverse an internal network to access confidential information. Best practices for defending your network will be defined with each stage of the attack.

Attendees of this talk will understand the thought process of attackers in order to better defend their networks from email phishing attacks.

Key learning points:
  • Practical review of email phishing attacks
  • External network hardening against email phishing attacks
  • Internal network hardening against email phishing attacks

About Chad Nordstrom & Kevin Higgins

Chad Nordstrom is a manager in the Information Security Services Group. Chad is part of a team of technology and industry specialists providing IT audits and security assessments for clients in a wide range of industries and diverse operating environments. He is responsible for the continuing development of the tools, applications, and techniques used in security audits, incident response, and forensics.

Chad brings a strong background in computer technology. He holds certifications as a Certified Forensic Computer Examiner (CFCE), GIAC Certified Forensic Examiner (GCFE),  and the GIAC Security Essentials Certification (GSEC). He has a Bachelor of Arts Degree in Criminology from the University of Minnesota-Duluth, Bachelor of Science Degree in Fish and Wildlife from the University of Minnesota-St Paul, Bachelor of Applied Science Degree in Computer Forensics from Metropolitan State University, and a Certificate of Law Enforcement from Minneapolis Community and Technical College.

Kevin Higgins is an associate information security consultant in the CliftonLarsonAllen LLP Information Security & Advisory Services Group. Kevin has been within the information technology field for five years. Currently, Kevin performs onsite & remote social engineering, internal & external penetration tests, vulnerability assessments, and wireless testing. Kevin has also presented at numerous conferences within the field of information security.

Prior to joining CliftonLarsonAllen, Kevin worked within the information security team at Minnesota State University, Mankato. During his time there, Kevin led a team that conducted incident response, forensics, vulnerability assessments, and compliance.

Primary Sidebar

Details

Tuesday May 17, 2016
4:15 PM - 5:15 PM
Room 6
Level: Advanced
Focus: Cybersecurity

Share this page

Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin
Buffer this page
Buffer
Email this to someone
email

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2022 Secure360. All rights reserved.