Artwork

Content provided by Security Weekly. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !

Google Event Injection - Tradecraft Security Weekly 20

13:12
 
Distribuie
 

Manage episode 272907323 series 2794644
Content provided by Security Weekly. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.

Links: Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/

  continue reading

14 episoade

Artwork
iconDistribuie
 
Manage episode 272907323 series 2794644
Content provided by Security Weekly. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Security Weekly or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.

Links: Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/

  continue reading

14 episoade

Toate episoadele

×
 
Loading …

Bun venit la Player FM!

Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.

 

Ghid rapid de referință