SE Village @ DC25: Social Engineering with Web Analytics

July 31, 2017

This weekend I was lucky enough to have the opportunity to speak at the Social Engineering Village at DefCon25. I gave a talk regarding my research with using Google Analytics for social engineering. I made a new tool called google-analytics-attack-ng that has many new features compared to its predecessor in my previous blog post. In addition to the new tooling, I have generated many new theories, techniques, and capabilities. This blog post will eventually contain the contents of my talk. For now, here is the abstract, slides, and new tool.

Abstract: 

“Do you run web analytics on your websites, such as Google Analytics? If you were viewing your web analytics and noticed lots of traffic being referred to your website from an interesting domain, would you investigate? Wouldn’t you be curious as to why you were receiving this traffic and what it could mean? This sort of curiosity could be used against you! This talk will cover the intricacies of social engineering with web analytics! Come find out how the world wide web could be manipulated and how you could perform your very only web analytics social engineering attack!”

Slides:

ZonkSec – DefCon25 – Social Engineering with Web Analytics

Tool:

GitHub: google-analytics-attack-ng

 

 

Thanks for checking out my latest research and a special thanks to anyone who made it out to my talk!