WELCOME TO THE TEXAS CYBER SUMMIT
Saturday, October 12 • 2:15pm - 3:15pm
RT-1050 Calishing: A Red Team Approach to Phishing Google Calendar


On Halloween, October 31, 2018, two Black Hills Security researchers, Beau Bullock and Michael Felch, disclosed to Google, step by step, how anyone with a Gmail account could add an event, as "accepted," to any Google Calendar via the Google Calendar API. Google called it a feature. Why, a year later, is this not fixed? This talk will demonstrate how this "calishing" attack can be utilized in a Red Team operation where the target organization uses G-Suite. I will demonstrate this by leveraging an open source Python tool that I have developed, G-Calisher, based on Beau Bullock's and Michael Felch's PowerShell module "Invoke-InjectGEventAPI" from their MailSniper tool. I will lead the audience through the entire kill chain, from recon (how to determine if an organization is using G-Suite for its email) through Command and Control. I will also discuss how the organization can stop this attack.
Briefing Format: Briefing (~45-60 minutes) 
Audience Level: Beginner 


Speakers
Antonio Piazza

Offensive Security Engineer, Box, Inc
Antonio Piazza is an Offensive Security Engineer on the Box Red Team. Following his stint as a US Army Human Intelligence Collector he worked as a Defense contractor/operator on an NSA Red Team so he is intimately familiar with spies, hacking, and everything nerdy. Antonio is passionate...


Saturday October 12, 2019 2:15pm - 3:15pm CDT
TEXAS BALLROOM - F Track 2 600 E Market St, San Antonio, TX Floor 4