October 25-28, 2017!! We’re going to have so much fun! Hopefully you can join us!
Back To Schedule
Friday, October 27 • 10:40 - 11:25
A Google Event You Won't Forget

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

As more businesses migrate their employee email and data into collaborative cloud platforms, default configurations, even in a secured environment, could leave them susceptible to attacks. While these platforms create a centralized way to collaborate, manage access and view the world from a single pane of glass -- they also create unique attack paths that attackers can leverage using built-in APIs.

In this presentation, we will explore an innovative approach to red teaming organizations that use Google Suite as their main cloud provider. We will walk through leveraging features to inject calendar events, phishing credentials, capturing 2-factor tokens, backdooring accounts and finally pilfering secrets. Techniques presented will also be incorporated and released as modules within MailSniper.

avatar for Beau Bullock

Beau Bullock

Tester, Black Hills Information Security
Beau Bullock is a Senior Security Analyst at Black Hills Information Security. Prior to joining BHIS, Beau‘s primary role has been implementing security controls to protect information and network assets. He has held information security positions in the financial and health industries... Read More →
avatar for Mike Felch

Mike Felch

Black Hills Information Security
Mike Felch is a Red Team Lead and Security Researcher at Black Hills Information Security. Prior to joining BHIS, he was Vice President of Security Research for an infosec start-up leading technical teams and exploiting hardware. Throughout his career, he's held roles as a software... Read More →

Friday October 27, 2017 10:40 - 11:25 MDT
Pinecrest B