Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.
Podden och tillhörande omslagsbild på den här sidan tillhör
Security Weekly. Innehållet i podden är skapat av Security Weekly och inte av,
eller tillsammans med, Poddtoppen.