Hello folks and welcome to the fourth mini paper in my series “from the darkened room”. This mini paper is looking at what actually goes into the reconnaissance part of a penetration test, and how the recon phase alone meant game over on a test.
I work with a fair few ladies and gents who do bug bounties, and while sitting on the beach during one of our hack on the beach sessions, I posed the question “How friggin evil is clickjacking, PoC or GTFO.” The challenge was set, and here is what we decided.
A very sophisticated phishing attack targets Gmail users through fraudulent, unwelcome Google Calendar notifications. This campaign takes advantage of a single common default feature for people using Gmail on their smartphones: “Calendar invites automatically pop up on phones, prompting users to accept or decline them.”
Can a seasoned security professional beat the world’s best security software and mitigations? This job certainly found out.