Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
cloud of suspicion scaling up phishing campaigns using

Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps - PowerPoint PPT Presentation

Oct 15, 2022 •106 likes •268 views

Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER 2017 Overview Google Apps Scripts Overview Google Apps Scripts A scripting language based on JavaScript that lets you automate actions with

  1. Cloud of Suspicion Scaling Up Phishing campaigns Using Google Apps Scripts MAOR BIN NOVEMBER 2017

  2. Overview Google Apps Scripts

  3. Overview Google Apps Scripts  A scripting language based on JavaScript that lets you automate actions with Google Apps Services  Example of services that can be accessed via Google Apps Scripts:  Gmail app - Send email, read email, get attachments, etc.  Drive app – Create folder, create fle, get fle content, etc.  URL Fetch app – Access external API  etc.  T ype of scripts:  Standalone  Bound to G Suite documents  Web apps

  4. Spreading Google Apps Scripts  Standalone / Bound to G Suite documents  Google fle sharing  Web apps  Create a link and spread it in multiple channels

  5. Data Exfltration  Auto forward emails  Post to external URL  C & C

  6. Data Exfltration

  7. Getting Malicious…  Spreading Malware via Google Drive  Google Docs Worm  Abusing Google Apps Scripts

  8. Google Docs Worm

  9. Creating Google Docs Worm With Google Apps Scripts

  10. Create A Phishing Cloud Macro DEMO

  11. DOES IT SCALE?

  12. Google Services Quotas Google Apps free edition ( Feature Consumer (gmail.com) G Suite Early Access legacy) Calendar events 5,000 / day 10,000 / day 10,000 / day Flexible created Contacts created 1,000 / day 2,000 / day 2,000 / day Flexible Documents created 250 / day 500 / day 1,500 / day Flexible Email recipients per day 100* / day 100* / day 1,500* / day 1,500* / day Email read/write 20,000 / day 40,000 / day 50,000 / day Flexible (excluding send) Groups read 2,000 / day 5,000 / day 10,000 / day Flexible JDBC connection 10,000 / day 10,000 / day 50,000 / day Flexible JDBC failed connection 100 / day 100 / day 500 / day 500 / day Properties read/write 50,000 / day 100,000 / day 500,000 / day Flexible Spreadsheets created 250 / day 500 / day 3,200 / day Flexible Triggers total runtime 90 min / day 3 hr / day 6 hr / day 6 hr / day URL Fetch calls 20,000 / day 50,000 / day 100,000 / day Flexible URL Fetch data received 100MB / day 100MB / day 100MB / day 100MB / day

  13. Limitations Consumer (gmail.com) Google Apps free edition ( G Suite Feature Early Access legacy) Basic/Business/Edu/Gov Script runtime 6 min / execution 6 min / execution 6 min / execution 30 min / execution Custom function 30 sec / execution 30 sec / execution 30 sec / execution 30 sec / execution runtime Email attachments 250 / msg 250 / msg 250 / msg 250 / msg Email body size 200kB / msg 200kB / msg 400kB / msg 400kB / msg Email recipients per 50 / msg 50 / msg 50 / msg 50 / msg message Email total 25MB / msg 25MB / msg 25MB / msg 25MB / msg attachments size Properties value size 9kB / val 9kB / val 9kB / val 9kB / val Properties total storage 500kB / property store 500kB / property store 500kB / property store 500kB / property store Triggers 20 / user / script 20 / user / script 20 / user / script 20 / user / script URL Fetch headers 100 / call 100 / call 100 / call 100 / call URL Fetch header size 8kB / call 8kB / call 8kB / call 8kB / call URL Fetch POST size 10MB / call 10MB / call 10MB / call 10MB / call URL Fetch URL length 2kB / call 2kB / call 2kB / call 2kB / call

  14. Mitigations Self executing JavaScript  Endpoint security  3 rd party app  Review script’s content  Review script’s scopes  Revoke if necessary  https://myaccount.google.com/permissions?pli=1  Consider CASB solutions 

  15. Questions?

Recommend

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing?

Tech Briefing Email Security (Phishing) VPN File Storage Phishing Awareness What is Phishing? Phishing email messages, websites, and phone calls are designed to steal money or sensitive information. Cybercriminals can do this by installing

269 views • 24 slides
Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing

Phishing Fishing or Phishing? Definition Phishing: an attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons. Phishing can be in the form of emails, social

536 views • 20 slides
VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of

THE STATE OF PHISHING ATTACK VECTOR Table of Content Bio What phishing is? Types of Phishing Anatomy of Phishing Counter Measures Reports on Phishing Isaac K. Acheampong Facilities Manager BSc IT, Dip. IT, Sec+ STATE OF

717 views • 34 slides
PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing

PHISHING IN DEPTH (ATTACKS & MITIGATIONS) Table of Content 1.0 Introduction 2.0 Phishing 3.0 Phishing kit 4.0 Types of Phishing 5.0 Avoidance Techniques 6.0 Effect of Phishing on Businesses 7.0 Demos & Practical INTRODUCTION

572 views • 27 slides
Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring:

Training employees to recognise and avoid phishing threats Agenda Today, we will be exploring: What is phishing? How phishing can damage a business What are the difgerent types of phishing? How to spot a phishing email What to do if

164 views • 12 slides
The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing

The Art of Phishing : What you should know Arvind Vishwakarma 05/24/2019 Agenda 1. Phishing In a Nutshell 2. Phishing Types & Techniques 3. Phishing Stats & Modern Trends 4. Case-Study 5. Stay Safe 2 Speaker ABOUT ME

483 views • 24 slides
Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the

School of Fin ine Arts Retreat IT Presentation Rick OToole Phishing Awareness What is Phishing? Phishing is the attempt to obtain personal information such as passwords and logins for malicious purposes. By appearing to be legitimate the

257 views • 13 slides
Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition

Federal Information Systems Security Education Association Spear Phishing Agenda Definition of spear phishing Why is spear phishing so valuable to attackers Spear phishing defenses / countermeasures Training concepts and delivery

441 views • 8 slides
of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results

PhishEye: Xiao Han Nizar Kheir Live Monitoring Davide Balzarotti of Sandboxed Phishing Kits Summary Motivation Sandboxed phishing kits Implementation Results [APWG Phishing Activity Trends Report 2 nd Quarter 2016] All time high record

926 views • 59 slides
Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able

Dont Take The Bait: How To Stay Safe From Phishing Goals After this section, youll be able to: Define phishing Identify signs of a potential phishing email Know where to report phishing emails to and how to report them

169 views • 15 slides
Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended

Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended

Phishing Emails CS 142 Lecture Notes: Security Attacks: Phishing Slide 1 Legitimate: Extended Validation CS 142 Lecture Notes: Security Attacks: Phishing Slide 2 Obviously Illegitimate http://rusprory.mass.hc.ru/old_site/update/index.php CS

557 views • 10 slides
Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing

Anti-Phishing Security Strategy Angelo P. E. Rosiello Agenda 1. Brief introduction to phishing 2. Strategic defense techniques 3. A new client based solution: DOMAntiPhish 4. Conclusions Nature of Phishing Statistics from the Anti

538 views • 31 slides
W ebs of Suspicion transcript of presentation video Good afternoon everyone, energy levels

W ebs of Suspicion transcript of presentation video Good afternoon everyone, energy levels

W ebs of Suspicion transcript of presentation video Good afternoon everyone, energy levels high, ready for the beer! One more to go its us Webs of Suspicion. We are a mixture of some good consultancy, some good legal work, some top

408 views • 3 slides
Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and

Slicing Functional Programs: A Suspicion 10th CREST Open Workshop on Program Analysis and Slicing Henrik Nilsson School of Computer Science The University of Nottingham, UK Slicing Functional Programs: A Suspicion p.1/6 Slicing

416 views • 13 slides
Outline Scaling Scalinga Plenitude of Power Laws Scaling-at-large Scaling-at-large

Outline Scaling Scalinga Plenitude of Power Laws Scaling-at-large Scaling-at-large

Scaling Outline Scaling Scalinga Plenitude of Power Laws Scaling-at-large Scaling-at-large Scaling-at-large Principles of Complex Systems Allometry Allometry Definitions Definitions Course 300, Fall, 2008 Examples Examples

569 views • 27 slides
UP UP AND OUT: SCALING SOFTWARE WITH AKKA Jonas Bonr CTO Typesafe @jboner Scaling software

UP UP AND OUT: SCALING SOFTWARE WITH AKKA Jonas Bonr CTO Typesafe @jboner Scaling software

UP UP AND OUT: SCALING SOFTWARE WITH AKKA Jonas Bonr CTO Typesafe @jboner Scaling software with Jonas Bonr CTO Typesafe @jboner Scaling Scaling software with software with Scaling Scaling software with software with Akka

1.98k views • 174 slides
(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2

(Android) https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2 (iPhone) https://itunes.apple.com/us/app/google-authenticator/id388497605?mt=8 (Android)

369 views • 13 slides
Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan, Jingjing Ren, Martina Lindorfer*, Christo Wilson, and David Choffnes Northeastern University, *UC Santa Barbara Motivation + internet connectivity

403 views • 36 slides
Simple set-up to lvss.edu.sg & Google Suite for Education Content 1. Logging into Google

Simple set-up to lvss.edu.sg & Google Suite for Education Content 1. Logging into Google

Simple set-up to lvss.edu.sg & Google Suite for Education Content 1. Logging into Google with lvss.edu.sg 2. Securing the lvss.edu.sg e-mail 3. Logging into Google Classroom and Joining a Class 4. Submission of Assignment in Google

656 views • 33 slides
Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android Xiao

Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android Xiao

Life after App Uninstallation: Are the Data Still Alive? Data Residue Attacks on Android Xiao Zhang, Kailiang Ying, Yousra Aafer, Zhenshen Qiu, and Wenliang Du App Life Installation Interaction Uninstallation But, what if Windows

193 views • 16 slides
STINUS Standardised Transfer of INformation about Users Service David Simonsen Mads Freek

STINUS Standardised Transfer of INformation about Users Service David Simonsen Mads Freek

STINUS Standardised Transfer of INformation about Users Service David Simonsen Mads Freek Petersen Hub and spoke Single login, Single sign on provisioning on the fly Systems Institutions 1 Login X WAYF 2 Login Y RASMUS Remote Access

500 views • 12 slides
From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service

From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service

From a pipeline to a government cloud Toby Lorne SRE @ GOV.UK Platform-as-a-Service www.toby.codes github.com/tlwr github.com/alphagov From a pipeline to a government cloud How the UK government deploy a Platform-as-a-Service using

981 views • 75 slides
Logging in to Google Classroom & Clever Getting Started Your child was provided with a

Logging in to Google Classroom & Clever Getting Started Your child was provided with a

Logging in to Google Classroom & Clever Getting Started Your child was provided with a secure login and password that is unique to them. Check with his/her teacher to obtain this private information. Your child will use this login to

518 views • 12 slides
Using Google Earth for Remote Teaching GSA / NAGT June 16, 2020 Digital Field Tools 11:00 am

Using Google Earth for Remote Teaching GSA / NAGT June 16, 2020 Digital Field Tools 11:00 am

Using Google Earth for Remote Teaching GSA / NAGT June 16, 2020 Digital Field Tools 11:00 am MDT Webinar Series 1:00 pm EDT Using Google Earth for Remote Teaching Presenters: Steve Whitmeyer (James Madison University) Drew L askowski

297 views • 27 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.