Here are the entries for the inaugural Phish Stories contest! Remember, each entrant was tasked with writing a phish that was funny, deceptive or both along with a backstory letting us know their assumptions. The targets for these phish were the fictional management team of DEF CON Custard and Cream of Julia Culter (CEO), Pat Conline (CMO), and Johnny "Red" Packard (CIO). Entrants were given background information including magazine articles and LinkedIn profiles, but the rest was up to them.
You can see the full details and specific scenario here --> https://forum.defcon.org/node/245220
The winners will be announced on June 29th.
Without further ado, let's get to the entries! -- Note: they are in no particular order.
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 1 - garrett_adler
########################## BACKSTORY SECTION - Entry 1 - garrett_adler ##########################
I picked Pat Conline as my target, mostly because in the Bon Hacketit Magazine article she mentions that she’s not the most tech-savvy person. Being less technical might make her less likely to hover over a link to see where it’s sending her, or less likely to even assume a link could be malicious.
In both Pat’s LinkedIn profile and the article in Bon Hacketit Magazine Pat’s parakeet Linda is mentioned, and it’s very clear that the parakeet is important to her. However, in the article it is also mentioned that Pat is spending less time with Linda and is taking more time to enjoy the “great city”. I made an assumption that with Pat spending less time at home, and less time with her parakeet, that she would have hired a pet sitter to watch or check in on Linda while she’s not home. With how clear it is that Pat is really close to Linda, I assumed that Pat would have an emotional reaction to any news about her pet that would cloud any inhibitions she might have around clicking a link in an email.
Pat claims to have a sweet tooth, so I assumed she would have Custard and Cream products at home to snack on, and would probably not care that her pet sitter indulged a little too. From there I went with a story that the pet sitter was indulging a bit, had to leave the room abruptly (curse her lactose intolerance!), and Linda got into the leftover custard. Upon returning, the bird was singing and dancing to songs by the bands Custard, and Cream. A bird singing and dancing, covered beak to tail in custard, is a hilarious concept, and I assumed that Pat would click a link to see pictures and videos of that event.
To play on the emotional response of this, I include that the pet sitter took Linda to the vet to ensure that much custard is ok for a bird to ingest, and to calm the nerves of Pat while she’s reading the email. To up the chances of Pat clicking a link, in case she wasn’t interested in seeing the pictures and videos mentioned earlier, I included a second link to the veterinarian’s report and bill for Linda’s services. Being as close as she is to Linda, Pat would be sure to click the link and make sure the vet does not have any concerns about Linda’s health.
########################## E-MAIL SECTION - Entry 1 - garrett_adler ##########################
Pat!
First off, let me just say that everything is ok and Linda is fine.
Today I decided to try some of that new flavor from Custard and Cream that you had in your freezer (I hope that’s ok…) and quickly left the room to excuse myself. Maybe creamy treats aren’t the best for my lactose intolerance, but I love them so! Well when I returned to the room Linda had decided it was time for a custard bender and had climbed all the way inside the, at this point nearly empty, bucket of custard.
At this point Linda began singing White Room by Cream and Girls Like That by Custard. I knew I needed to get her to the vet to make sure she was ok, but you have to appreciate it’s not every day you see a parakeet hopped up on Custard and Cream, and singing the hits by the bands Custard and Cream! I’m sure you’re used to it by now, but in case you needed a pick me up today, I took some videos of her singing her little heart out and uploaded them [here](malicious link #1).
Following Linda’s performance I got her in her cage and brought her over to the closest veterinarian, who thoroughly examined her and helped to clean some of the custard off of her. They assured me that while Linda might have had a slightly upset stomach from the custard overload, there are no major concerns. The veterinarian’s office has uploaded their notes [here](malicious link #2), along with the bill for Linda's services. Don’t worry I took care of the bill already!
Thank you for entrusting me with Linda's care. It's an absolute joy to spend time with such a talented and entertaining companion. I hope those pictures and videos of Linda brighten your day a bit and again, I really do apologize for letting Linda indulge in her Custard fantasies!
Warm regards,
Pet Sitter
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 2 - rrunner
########################## BACKSTORY SECTION - Entry 2 - rrunner ##########################
Pat Conline will be the target of interest in this submission. This individual was selected based on the likelihood of them taking the bait, being a clicky clickster and divulging the desired information. This assumption is based on Pat's comments in an article stating "I'll be the first to admit that I'm not the most computer-literate person out there" and "I don't know much about the technical side of things". Based on this individual's profile, they work directly with the company owner and Sales team. My hope is they are an individual that would have the authority to process orders/invoices individually or have an established connection with someone in the company that is appointed to do so. This assumption is mostly based on the CMO's responsibility of "overseeing all of the company's advertising and marketing efforts" also found in the mentioned article. With that in mind, I can also assume they maintain a sound and/or friendly relationship with third-parties that I intend to make additional targets. My goal was to use simple SE techniques to get Pat to click and provide creds in a timely manner so that I would be able to exploit their mailboxes accordingly. The motivation for this phish was to get paid, having zero interest in gaining a foothold in DCC's network.
Objectives: 1) Exploit Pat Conline's current job functions, goals of implementation and lack of computer knowledge to obtain work email and/or personal email credentials. 2) Determine Big Phish in comms patterns, i.e, history of internal monies, clients and customers. 3) Craft vishing emails for further cred harvesting, continuing to target common contacts and/or request payment via invoice, failed transaction(s), etc.
Plan of Attack: A phishing email was tailored primarily for our initial target in an attempt to gain the victim's immediate interest, suggest a sense of urgency and get them to click. My first instinct was to target the CEO but figured the CMO would be more likely to attend the "con", have similar intel here, oh and click... The links provided in the phish will have 1 of 2 results: 1) The target is redirected to a sign-up URL, requesting them to sign up as a Vendor and provide PII, PCI (via donation), work and personal email, etc. 2) The target is redirected to a cloned website meant to provide validity to the email claims, as well as provide pseudo contact information on said references which will be methods to contact yours truly. For context, the malicious website is meant to log all user inputs and store them in a DB for additional shenanigans; when being asked for email information the target will be asked to select from separate mail provider links, which will then redirect them to a cloned login page of their choosing.
"WE'RE IN": Assuming we have been able to obtain Pat's creds and login to the desired mailbox(s) we'll need to add some inbound rules to work in our favor. First, we'll want to try to redirect all inbound mail to our email: commissionofcream@proton.me. In addition, some inbound filters can be applied to the targeted mailboxes to temporarily hide comms and maybe enabling 2FA on a burner device wouldn't hurt persistence. This process will be continued for all third-party mailboxes in the event credentials are obtained. Primitive but could be effective for off-hours attacks. We may even try something like copy/paste the original phishing email from Pat's mailbox to the CEO as a quick grab for their credentials, PII, or PCI as well.
########################## E-MAIL SECTION - Entry 2 - rrunner ##########################
Subject: Join the Chilliest Conference in Town!
Calling all Cream Connoisseurs,
I scream, you scream, we all scream for... an opportunity of a lifetime! We are reaching out to referred customers, clients and companies alike with a scoop-tacular offer that will leave you creaming for more!
As a representative of the Nevada Commission of Cream, I could not wait to begin our outreach campaign regarding our most recent scoop, the First Annual Cream Con! I am very excited to invite your company as one of our honored guests and flavor Vendors! This frozen extravaganza is a celebration of all things chilly, creamy and utterly delicious. Brace yourself, because the ultimate gathering of cream enthusiasts is just around the corner and will be held in the heart of Las Vegas!
Cream Con will be taking place from August 10-13, 2023 and you will have the opportunity to represent your organization at the coolest event this summer. But have I mentioned the cherry on top? The first 10 companies to sign-up with our promotional referral code, will become a registered Vendor at No Additional Cost! But wait, there's more... As a conference vendor, your company representatives will have unlimited access to our premier ice cream, gelato and custard buffet featuring an array of brand new flavors, toppings and sauce options.
Now, you may be wondering, what makes this conference a must-attend for all ice cream aficionados? Allow me to sprinkle you with some mouthwatering details:
1. Cold Confection Connection: Socialize with Nevada's frozen family in our chill-out area where like-minded creamers can mingle with fellow enthusiasts, share laughs, and make lifelong connections with people who understand your unyielding passion for chill desserts.
2. Custard Clash Showdown: Witness a fierce competition as custard crusaders battle it out for the prestigious Golden Whisk award. Marvel at their mesmerizing techniques, their velvety smooth creations, and the occasional custard-related pun that will make you giggle like a jolly sundae lover.
3. The Cone Chronicles: Dive into the fascinating history of ice cream cones as we unravel the mysteries behind this beloved vessel of frozen bliss. From the humble beginnings of the wafer cone to the invention of waffle cones, get ready to be schooled in the art of cone creation and consumption.
Plus so many more! And if that's not enough to convince you, the marketing, exposure and networking opportunities alone are typically valued over $9,000.00 - Don't let this opportunity melt away! So, mark your calendar, stock up on napkins, and get ready for the Commission of Cream's First Annual Cream Con!
Your Sweet Tooth Senses are Tingling! Sign-Up with the Vendor link Below https://www.nvcreamcommission.com/VendorSignUp
REFERRAL CODE: KDFN-WKH-SODQHW
Please note, you will be asked to sign-in to your email to accept our upcoming newscast calendar invite - This is entirely optional but will be beneficial for receiving real-time updates regarding confirmation of the conference location and participating vendors.
Check out our Official Sponsors and Community Outreach Volunteers!
Dairy Council of Nevada - 2165 Blue Vista Dr, #206A Sparks, NV 89431 https://nvmiIkanddairy.com/ - Lisa Larson llarson@nevadamiIk.com 281-330-8004
University of Nevada, Las Vegas - 4505 S. Maryland Pkwy. Las Vegas, NV 89154 https://www.un1v.edu/sociology/comm-outreaches - (702) 867-5309
Chillin' with anticipation,
The Commission of Cream
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 3 - birdbird
########################## BACKSTORY SECTION - Entry 3 - birdbird ##########################
For this phish, I am attempting a two-pronged attack that really aims to push incredulity for us, while existing in the universe I’m creating. Pat and Julia are of particular interest to me.
Initial Assumptions: As a single location brick-and-mortar bakery, they are a close-knit group. Although they specialize in custard and cream, they sell other things; They want to drum up press to facilitate expansion; Given their graduation years, they are all around 26-27 years old; As Zillenials, they are internet-cautious (especially Johnny) but also very aware of entertainment for advertising, a la “All PR is good PR”; Julia (+ others) would like to publish a cookbook
Key Assumptions: Pat is an AVID bird enthusiast. She believes she can teach Linda to talk, and regularly attends Parrot Kindergarten (this is a real thing for birds, beyond parrots); Pat is single; Tech-dummy Pat has easily researched, public, poorly protected social media + the bakery IG must have someone they follow with a public IG that can be used for research; As business owners, their emails will be easy to find (OSINT: search, common formats, data breaches)
I did take some liberties in assuming that Pat love-loves birds and is single, but I think that the rest of my assumptions are logical generation-based conclusions as someone in the same age group. Given Johnny is a security professional, he’s right out to target. But Pat readily admits she’s the least tech savvy. Furthermore, she has a niche hobby that I can use to establish familiarity. Although she’s not a baker herself, I envision she either has some rudimentary skills, or if she doesn’t, she still clicks the link to talk and see if perhaps Julia or Johnny would be a good fit, directly forwards the email (hopefully just) to Julia who clicks it because it feels a little more credible when passed on that way.
I think that even Johnny, a security professional, might fall for it if Pat just passes it on as “my friend reached out to me, but I don’t know if I’m good enough to go on…but maybe you are” and I think that since Pat and the bakery are looking to expand, they’ll be more interested in this opportunity, because of the press potential. Even if Pat isn’t single, she may still click for her parakeet to make a friend and even for the sake of PR a baker may pretend to be single.
Now, I could have just done a general baking show casting call or I could have made it just a custard baking show rather than all baked goods but I love the absurdity of dating shows and I have faith that although they specialize in custard, they know how to do non-custards but would also make the most of the opportunity to show off custard so good it makes someone fall in love—I mean, what a great accolade!
After the target clicks the email, I imagine that a variety of things could happen, including downloading a malicious file that would compromise the user device. But I think I’d like to really play the long game here or maybe turn this into a pig butchering scheme. So I’d take them to an actual calendar view but require them to logon to say, gmail, to view. I’d spoof an overlay of the logon page, let it redirect to the right one after they enter their info and hopefully get their email PWD. And once it’s scheduled, I’d send an email with a Skype link. I’m choosing Skype because it’s less common nowadays, doesn’t use 2FA and is linked to MSOffice accounts. Same deal, spoofed page, steal IDs, redirect. Now I have two logons and access to all of their documents and emails. Could at this point do a low-code ransom, just change their PWDs, copy their cloud, delete everything…Sucks to be a sucker
########################## E-MAIL SECTION - Entry 3 - birdbird ##########################
Hi Pat,
It was so good to connect with you at Parrot Kindergarten’s event last month. There were so many people there, but my Luly really took a shine to Linda. I need to make it back to another class. Anyways, I remember you mentioning you were looking for innovative ways to drum up some business for your bakery and I actually just got tapped to cast for a new show. Stay with me, but it’s a variation on Love is Blind and Great British Bake-Off. We’re casting for a new show called Pastry Perfect Partner. Since we’re already acquainted, I wanted to reach out to you more personally about coming on this show, if you have some time for a call. But I’ve attached the standard intro spiel I give at the bottom.
Keep this between you and me, but Paul Hollywood the moderator! ;)
Do you want to put some time on my calendar to talk about this? Maybe we can set up a parakeet date too :) http://bit.lyz/12345abcd
Find the icing to your cake, the sprinkle to your donut, the chocolate chip to your cookie! Kinetic Love, the studio behind shows like Love is Blind, The Ultimatum, and Married at First Sight is now casting for a new show, Perfect Pastry Partner!
On this show, amazing bakers from around the world match whisks and lock lips. Will it be love at first bite, or will you need to sugar up your fellow fudge aficionados? In this competition, ten bakeries send their best to blind bake for their fellow contestants, and if it feels dulce de right-che to both of you then PPP will send you on a P-P-Perfect date!
Over a period of three weeks, you’ll be invited to make your signature pastries and pick a partner based off theirs. You’ll then be challenged to make their signature dish. Everyone will be challenged to make a few classics as well. Then, you’ll go on dates with the person who’s perfect pastries you appreciate most assuming they like yours too! But twists upon twists, batman! You have no idea what they look like, your only basis for choosing a partner will be their pastry. Each week you will be blind baking in a private studio kitchen. Maybe you’ll match with a different person each time, or maybe you’ll consistently love each other’s creations. PPP challenges you to show off your personality through the art of food. Are you ready?
Although there’s no prize money, as this isn’t a competition for anything (besides love!), Pastry Perfect Partner is looking to collaborate with participating bakeries at the end to release a promotional cookbook with both signatures and notable spins on classic pastries that will be featured in the show. There will be a royalty sharing agreement and opportunity for future partnership, sponsorship, and brand deals.
As a part of the show, we’ll also be taking cameras to each bakery to give the audience a feel for who they’re rooting for in addition to several on-set interviews. We also recognize that sometimes, inspiration doesn’t strike fast so if you choose to participate, we’ll give you six weeks to prepare and perfect what you’ll be showcasing.
Please, if you have any questions don’t hesitate to email me back.
Your Custard Comrade(s),
Chun (and Luly!)
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 4 - makeithackin
########################## BACKSTORY SECTION - Entry 4 - makeithackin ##########################
On the neon-bathed stretch of the Las Vegas Strip, nestled amidst colossal casinos and world-class restaurants, lies DEFCON Custard and Cream. This dessert oasis is where creamy dreams come true for all sweet-toothed visitors, but the most amusing events are unfolding behind the scenes.
Pat Conline, the Chief Marketing Officer, is the entrepreneurial genius behind DEFCON's tantalizing marketing. Her expertise has brought a windfall of customers, each succumbing to the siren call of the delicious custard. Pat’s brilliance, however, fizzles when it comes to technology - give her a computer, and she’s as lost as a penguin in the Sahara. In her free time, she pours her affection on Linda, her pet parakeet, who Pat half-jokingly credits as her marketing muse.
Meanwhile, Johnny "Red" Packard, the Chief Information Officer, is the tech maestro behind DEFCON. With fiery red hair as vibrant as his passion for technology, Johnny ensures the company's IT systems are as smooth as their signature custard. His hands, which can fix a coding glitch as easily as they can whip up a heavenly custard, are blissfully unaware of the mischief being plotted against him.
Enter Max "Magic" Madison, a notorious prankster and lover of custard. His favorite time of the year? April Fool's Day, when he weaves his most humorous plots. Max isn't a part of DEFCON, but he happened to have lunch next to Pat and Johnny one day and overheard their conversation about work, Linda, and technology. Max's love for good humor and pranks set his eyes on hacking the company in order to generate his own custard gift cards. All he needs to do is execute some code on Pat's computer and then he'll be swimming in cream.
This year, Max has set his sights on Pat and Johnny. His plan? Draft an email to Pat, masquerading as Johnny, introducing an all-new, entirely fictitious, marketing tool. Max has studied Johnny's email style well enough to imitate it, aiming to convince Pat that the tool is real. Max will change the email headers to make it appear the email is coming from Johnny. Max knows DEFCON's email system may flag the email with an "unverified sender" label, but he's counting on Pat not spotting the difference. He's also registered a fictitious website using the new ".zip" domain, so that he can craft the URL with a legitimate domain in the beginning.
Max is counting on two things: Pat's well-known struggle with technology and her respect for Johnny's expertise. He imagines Pat, furrowing her brow and murmuring to Linda, trying to decipher the concept of this tool. Max plans to include a link that, when clicked, will execute a browser exploit on Pat's computer and give him remote code execution.
In this twist of events, the DEFCON Custard and Cream team unknowingly become the main characters in Max's phish. It's a testament to their camaraderie, proving that even amid the hustle of running a successful dessert shop, they need to be on the lookout for people that aren't so sweet.
########################## E-MAIL SECTION - Entry 4 - makeithackin ##########################
Subject: A Dollop of Imagination: Get Ready for "CustardCanvas"
Dear Pat,
Hope this email finds you well, and Linda hasn’t flown off with your custard stash again! I'm writing to you with news hotter than our freshly-made waffle cones. It seems that my coding adventures have taken a turn towards the sweet side, and I may have created something that might just be our ticket to Confectionery Hall of Fame (if there isn't one, there should be, right?)
Ladies and gentlebirds, introducing "CustardCanvas" - a tool designed to help visualize and whip up revolutionary custard flavors faster than Linda can squawk at a shiny object. We're talking peanut butter pickle swirl, orange espresso explosion, and maybe even a parakeet pistachio. Okay, maybe not that last one.
Think of CustardCanvas as a secret sauce (pun intended) to our marketing strategy. With just a few clicks, you'll be creating digital campaigns that will have our customers drooling on their keyboards and rushing to our stores. Plus, the user interface is so easy even Linda could probably navigate it - though we may need to scale down the mouse for her.
To get you acquainted with CustardCanvas, I've created a comprehensive guide. It’s so easy to understand, even our frozen custard machine could get it. You can check it out by clicking on this link.
https://DefconCustardAndCream.com/em...tardCanvas.zip
Can't wait to see what flavor frenzy you'll create with CustardCanvas. Who knows, we might end up with a DEFCON custard flavor that’s as unique and beloved as Linda's chirps in the morning!
Best,
Johnny
============================================================
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 5 - danmulvey
########################## BACKSTORY SECTION - Entry 5 - danmulvey ##########################
I figured I would take the middle path, leaning heavily on the Jester side of things. I have imagined that a small company like this would be in a shared building, so I have imagined an innocent neighboring business that I will use as my initial story. Starting here, I crafted an email chain between the neighbor (with their emergency maintenance request - tasty custard and cream seeping through the walls) and property management. I figured it wouldn't seem too out of the ordinary for property management to loop our targets in to the message in order to get to the bottom of things. Since I'm crafting this message to target the CEO I figured the combination of a drastic failure of new equipment and procedures (specifically designed to work without the presence of staff), and the blocking issue of needing approval for maintenance to enter the space, it shouldn't be too unreasonable for her to click through without noticing the clearly fake domain name. I added in that the CIO would like the "approval code", which will actually be the CEO's 2FA code - generated by passing the credentials from my malicious website to whatever account I am actually trying to access (after logging them of course!).
########################## E-MAIL SECTION - Entry 5 - danmulvey ##########################
=====================================================
Subject: Urgent Maintenance Request
From: jpackard@defconcreams.com
To: jculter@defconcreams.com
Body:
Good evening Julia,
I received a message from building management this evening and it seems that our new automated system has run into some problems. I touched base with the sales team and it seems that our wholesale team processed their usual grocery store accounts through the new automated system, which has not been tested for this type of load. Our office neighbor (bless her heart) is now battling a wave of tasty cream, and building management needs our approval to enter the space with an inspector before they can begin repairing the damaged walls. If you could log in to their maintenance portal and give approval we can get this behind us and continue working on automated cream service for our wonderful customers. Here is the link for the maintenance portal, once you approve the request please forward the confirmation code to me so that I can log this in our incident report logs.
http://defconcreanns.com/maint_request.php
Thank you!
- Red
|| Subject: RE: RE: RE: URGENT: leaking walls in multiple units
|| From: property-management@realoffices.com
|| To: jpackard@defconcreams.com
||
|| Body:
|| Mr. Packard - looping you in on this, have you noticed any irregularities in your automated cream packers?
|| || From: property-management@realoffices.com
|| || To: joanne@kittenknitten.com
|| || Subject: RE: URGENT MAINTENANCE NEEDED
|| || Body:
|| || Joanne-
|| || Thank you for notifying us of this issue. As the building is not insulated, there is no chance that your
|| || precious kittens have eaten insulation. Perhaps the business in the unit next to yours can shed some light
|| || on this. They produce creams and custards - based on the outrageous amount they are paying in rent, their
|| || product must be selling well so I am not surprised that your kittens would be enjoying the extra product
|| || that has made it to your unit. I know they are testing a new automated ordering/packing/shipping system,
|| || perhaps there are still some issues with the volume of sales during the off hours. We will send someone out
|| || immediately (with a spoon perhaps!).
|| || Thank you
|| || - Management
|| || || Forwarded From: joanne@kittenknitten.com
|| || || Subject: URGENT MAINTENANCE NEEDED
|| || || Hello Miss Krampel,
|| || || When I arrived to the office this evening to feed my cats, I noticed what seems to be some sort of
|| || || insulation expanding from the walls in my kitten knitting room. Several kittens have already eaten some
|| || || of the insulation and I am worried for their health. Without the kittens as my muses, I have no
|| || || business - so you can see how upsetting this situation is for me.
|| || || Please send someone to fix this as soon as possible, there are too many kittens for me to hold them all
|| || || and I can't stop them from licking what I assume is toxic insulation.
|| || || Thank you,
|| || || Joanne
======== END EMAIL SECTION =============================================
-------------------------------------------------------------------------------------------------------------------------------
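The look-alike domains used in Entries 2 and 5 (defconcreanns.com against defconcreams.com, nevadamiIk.com, un1v.edu) can be flagged by a mail filter that folds visually confusable characters before comparing each sender and link domain with the domains an organization really deals with. This is an added example, not part of any entry; the allowlist, the confusable table and the sample message are assumptions constructed here.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: domains the organization genuinely corresponds with.
TRUSTED = {"defconcreams.com", "nevadamilk.com", "unlv.edu"}

# Character runs that render alike in common mail fonts, folded to one form.
# Both the candidate and the trusted names go through the same folding.
CONFUSABLES = (("rn", "m"), ("nn", "m"), ("vv", "w"),
               ("1", "l"), ("i", "l"), ("0", "o"))

URL_RE = re.compile(r'https?://[^\s<>"]+', re.I)
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

# Constructed sample: header and link lines quoted from Entries 2 and 5.
SAMPLE = """\
From: jpackard@defconcreams.com
To: jculter@defconcreams.com
Here is the link for the maintenance portal
http://defconcreanns.com/maint_request.php
Lisa Larson llarson@nevadamiIk.com
https://www.un1v.edu/sociology/comm-outreaches
https://example.org/newsletter
"""


def base_domain(host):
    """Last two labels of a host name (simplification: no public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def skeleton(domain):
    """Fold look-alike characters so visually similar names compare equal."""
    s = domain.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED}


def classify(host):
    """Return (verdict, imitated_domain) for one host or address domain."""
    d = base_domain(host)
    if d in TRUSTED:                      # exact match first, before any folding
        return ("trusted", d)
    imitated = TRUSTED_SKELETONS.get(skeleton(d))
    if imitated:                          # same shape on screen, different name
        return ("lookalike", imitated)
    return ("unknown", None)


def scan_message(text):
    """Map every URL host and address domain in the text to its verdict."""
    found = {}
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        if host:
            found[base_domain(host)] = classify(host)
    for dom in ADDR_RE.findall(text):
        found[base_domain(dom)] = classify(dom)
    return found


def lookalikes(text):
    """Sorted (domain, imitated) pairs worth quarantining or warning on."""
    return sorted((d, v[1]) for d, v in scan_message(text).items()
                  if v[0] == "lookalike")


if __name__ == "__main__":
    for domain, imitated in lookalikes(SAMPLE):
        print(f"{domain} imitates {imitated}")
```

A match is only possible against a name already in the allowlist, so the list needs to cover partners and vendors as well as the organization's own domains.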
You can see the full details and specific scenario here --> https://forum.defcon.org/node/245220
The winners will be announced on June 29th.
Without further adieu, let's get to the entries! -- Note: they are in no particular order.
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 1 - garrett_adler
########################## BACKSTORY SECTION - Entry 1 - garrett_adler ##########################
I picked Pat Conline as my target, mostly because in the Bon Hacketit Magazine article she mentions that she’s not the most tech-savvy person. Being less technical might make her less likely to hover over a link to see where it’s sending her, or less likely to even assume a link could be malicious.
In both Pat’s LinkedIn profile and the article in Bon Hacketit Magazine Pat’s parakeet Linda is mentioned, and it’s very clear that the parakeet is important to her. However, in the article it is also mentioned that Pat is spending less time with Linda and is taking more time to enjoy the “great city”. I made an assumption that with Pat spending less time at home, and less time with her parakeet, that she would have hired a pet sitter to watch or check in on Linda while she’s not home. With how clear it is that Pat is really close to Linda, I assumed that Pat would have an emotional reaction to any news about her pet that would cloud any inhibitions she might have around clicking a link in an email.
Pat claims to have a sweet tooth, so I assumed she would have Custard and Cream products at home to snack on, and would probably not care that her pet sitter indulged a little too. From there I went with a story that the pet sitter was indulging a bit, had to leave the room abruptly (curse her lactose intolerance!), and Linda got into the leftover custard. Upon returning, the bird was singing and dancing to songs by the bands Custard, and Cream. A bird singing and dancing, covered beak to tail in custard, is a hilarious concept, and I assumed that Pat would click a link to see pictures and videos of that event.
To play on the emotional response of this, I include that the pet sitter took Linda to the vet to ensure that much custard is ok for a bird to ingest, and to calm the nerves of Pat while she’s reading the email. To up the chances of Pat clicking a link, in case she wasn’t interested in seeing the pictures and videos mentioned earlier, I included a second link to the veterinarians report and bill for Linda’s services. Being as close as she is to Linda, Pat would be sure to click the link and make sure the vet does not have any concerns about Lindas health.
########################## E-MAIL SECTION - Entry 1 - garrett_adler ##########################
Pat!
First off, let me just say that everything is ok and Linda is fine.
Today I decided to try some of that new flavor from Custard and Cream that you had in your freezer (I hope that’s ok…) and quickly left the room to excuse myself. Maybe creamy treats aren’t the best for my lactose intolerance, but I love them so! Well when I returned to the room Linda had decided it was time for a custard bender and had climbed all the way inside the, at this point nearly empty, bucket of custard.
At this point Linda began singing White Room by Cream and Girls Like That by Custard. I knew I needed to get her to the vet to make sure she was ok, but you have to appreciate it’s not every day you see a parakeet hopped up on Custard and Cream, and singing the hits by the bands Custard and Cream! I’m sure you’re used to it by now, but in case you needed a pick me up today, I took some videos of her singing her little heart out and uploaded them [here](malicious link #1).
Following Linda’s performance I got her in her cage and brought her over to the closest veterinarian, who thoroughly examined her and helped to clean some of the custard off of her. They assured me that while Linda might have had a slightly upset stomach from the custard overload, there are no major concerns. The veterinarian’s office has uploaded their notes [here](malicious link #2), along with the bill for Linda's services. Don’t worry I took care of the bill already!
Thank you for entrusting me with Linda's care. It's an absolute joy to spend time with such a talented and entertaining companion. I hope those pictures and videos of Linda brighten your day a bit and again, I really do apologize for letting Linda indulge in her Custard fantasies!
Warm regards,
Pet Sitter
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 2 - rrunner
########################## BACKSTORY SECTION - Entry 2 - rrunner ##########################
Pat Conline will be the target of interest in this submission. This individual was selected based on the likelihood of them taking the bait, being a clicky clickster and divulging the desired information. This assumption is based on Pat's comments in an article stating "I'll be the first to admit that I'm not the most computer-literate person out there" and "I don't know much about the technical side of things". Based on this individual's profile, they work directly with the company owner and Sales team. My hope is they are an individual that would have the authority to process orders/invoices individually or have an established connection with someone in the company that is appointed to do so. This assumption is mostly based on the CMO's responsibility of "overseeing all of the company's advertising and marketing efforts" also found in the mentioned article. With that in mind, I can also assume they maintain a sound and/or friendly relationship with third-parties that I intend to make additional targets. My goal was to use simple SE techniques to get Pat to click and provide creds in a timely manner so that I would be able to exploit their mailboxes accordingly. The motivation for this phish was to get paid, having zero interest in gaining a foothold in DCC's network.
Objectives: 1) Exploit Pat Conline's current job functions, goals of implementation and lack of computer knowledge to obtain work email and/or personal email credentials. 2) Determine Big Phish in comms patterns, i.e., history of internal monies, clients and customers. 3) Craft vishing emails for further cred harvesting, continuing to target common contacts and/or request payment via invoice, failed transaction(s), etc.
Plan of Attack: A phishing email was tailored primarily for our initial target in an attempt to gain the victim's immediate interest, suggest a sense of urgency and get them to click. My first instinct was to target the CEO but figured the CMO would be more likely to attend the "con", have similar intel here, oh and click... The links provided in the phish will have 1 of 2 results: 1) The target is redirected to a sign-up URL, requesting them to sign up as a Vendor and provide PII, PCI (via donation), work and personal email, etc. 2) The target is redirected to a cloned website meant to provide validity to the email claims, as well as provide pseudo contact information on said references which will be methods to contact yours truly. For context, the malicious website is meant to log all user inputs and store them in a DB for additional shenanigans; when being asked for email information the target will be asked to select from separate mail provider links, which will then redirect them to a cloned login page of their choosing.
"WE'RE IN": Assuming we have been able to obtain Pat's creds and login to the desired mailbox(s) we'll need to add some inbound rules to work in our favor. First, we'll want to try to redirect all inbound mail to our email: commissionofcream@proton.me. In addition, some inbound filters can be applied to the targeted mailboxes to temporarily hide comms and maybe enabling 2FA on a burner device wouldn't hurt persistence. This process will be continued for all third-party mailboxes in the event credentials are obtained. Primitive but could be effective for off-hours attacks. We may even try something like copy/paste the original phishing email from Pat's mailbox to the CEO as a quick grab for their credentials, PII, or PCI as well.
########################## E-MAIL SECTION - Entry 2 - rrunner ##########################
Subject: Join the Chilliest Conference in Town!
Calling all Cream Connoisseurs,
I scream, you scream, we all scream for... an opportunity of a lifetime! We are reaching out to referred customers, clients and companies alike with a scoop-tacular offer that will leave you creaming for more!
As a representative of the Nevada Commission of Cream, I could not wait to begin our outreach campaign regarding our most recent scoop, the First Annual Cream Con! I am very excited to invite your company as one of our honored guests and flavor Vendors! This frozen extravaganza is a celebration of all things chilly, creamy and utterly delicious. Brace yourself, because the ultimate gathering of cream enthusiasts is just around the corner and will be held in the heart of Las Vegas!
Cream Con will be taking place from August 10-13, 2023 and you will have the opportunity to represent your organization at the coolest event this summer. But have I mentioned the cherry on top? The first 10 companies to sign-up with our promotional referral code, will become a registered Vendor at No Additional Cost! But wait, there's more... As a conference vendor, your company representatives will have unlimited access to our premier ice cream, gelato and custard buffet featuring an array of brand new flavors, toppings and sauce options.
Now, you may be wondering, what makes this conference a must-attend for all ice cream aficionados? Allow me to sprinkle you with some mouthwatering details:
1. Cold Confection Connection: Socialize with Nevada's frozen family in our chill-out area where like-minded creamers can mingle with fellow enthusiasts, share laughs, and make lifelong connections with people who understand your unyielding passion for chill desserts.
2. Custard Clash Showdown: Witness a fierce competition as custard crusaders battle it out for the prestigious Golden Whisk award. Marvel at their mesmerizing techniques, their velvety smooth creations, and the occasional custard-related pun that will make you giggle like a jolly sundae lover.
3. The Cone Chronicles: Dive into the fascinating history of ice cream cones as we unravel the mysteries behind this beloved vessel of frozen bliss. From the humble beginnings of the wafer cone to the invention of waffle cones, get ready to be schooled in the art of cone creation and consumption.
Plus so many more! And if that's not enough to convince you, the marketing, exposure and networking opportunities alone are typically valued over $9,000.00 - Don't let this opportunity melt away! So, mark your calendar, stock up on napkins, and get ready for the Commission of Cream's First Annual Cream Con!
Your Sweet Tooth Senses are Tingling! Sign-Up with the Vendor link Below https://www.nvcreamcommission.com/VendorSignUp
REFERRAL CODE: KDFN-WKH-SODQHW
Please note, you will be asked to sign-in to your email to accept our upcoming newscast calendar invite - This is entirely optional but will be beneficial for receiving real-time updates regarding confirmation of the conference location and participating vendors.
Check out our Official Sponsors and Community Outreach Volunteers!
Dairy Council of Nevada - 2165 Blue Vista Dr, #206A Sparks, NV 89431 https://nvmiIkanddairy.com/ - Lisa Larson llarson@nevadamiIk.com 281-330-8004
University of Nevada, Las Vegas - 4505 S. Maryland Pkwy. Las Vegas, NV 89154 https://www.un1v.edu/sociology/comm-outreaches - (702) 867-5309
Chillin' with anticipation,
The Commission of Cream
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 3 - birdbird
########################## BACKSTORY SECTION - Entry 3 - birdbird ##########################
For this phish, I am attempting a two-pronged attack that really aims to push incredulity for us, while existing in the universe I’m creating. Pat and Julia are of particular interest to me.
Initial Assumptions: As a single location brick-and-mortar bakery, they are a close-knit group. Although they specialize in custard and cream, they sell other things; They want to drum up press to facilitate expansion; Given their graduation years, they are all around 26-27 years old; As Zillennials, they are internet-cautious (especially Johnny) but also very aware of entertainment for advertising, a la “All PR is good PR”; Julia (+ others) would like to publish a cookbook
Key Assumptions: Pat is an AVID bird enthusiast. She believes she can teach Linda to talk, and regularly attends Parrot Kindergarten (this is a real thing for birds, beyond parrots); Pat is single; Tech-dummy Pat has easily researched, public, poorly protected social media + the bakery IG must have someone they follow with a public IG that can be used for research; As business owners, their emails will be easy to find (OSINT: search, common formats, data breaches)
I did take some liberties in assuming that Pat love-loves birds and is single, but I think that the rest of my assumptions are logical generation-based conclusions as someone in the same age group. Given Johnny is a security professional, he’s right out to target. But Pat readily admits she’s the least tech savvy. Furthermore, she has a niche hobby that I can use to establish familiarity. Although she’s not a baker herself, I envision she either has some rudimentary skills, or if she doesn’t, she still clicks the link to talk and see if perhaps Julia or Johnny would be a good fit, directly forwards the email (hopefully just) to Julia who clicks it because it feels a little more credible when passed on that way.
I think that even Johnny, a security professional, might fall for it if Pat just passes it on as “my friend reached out to me, but I don’t know if I’m good enough to go on…but maybe you are” and I think that since Pat and the bakery are looking to expand, they’ll be more interested in this opportunity, because of the press potential. Even if Pat isn’t single, she may still click for her parakeet to make a friend and even for the sake of PR a baker may pretend to be single.
Now, I could have just done a general baking show casting call or I could have made it just a custard baking show rather than all baked goods but I love the absurdity of dating shows and I have faith that although they specialize in custard, they know how to do non-custards but would also make the most of the opportunity to show off custard so good it makes someone fall in love—I mean, what a great accolade!
After the target clicks the email, I imagine that a variety of things could happen, including downloading a malicious file that would compromise the user device. But I think I’d like to really play the long game here or maybe turn this into a pig butchering scheme. So I’d take them to an actual calendar view but require them to logon to say, gmail, to view. I’d spoof an overlay of the logon page, let it redirect to the right one after they enter their info and hopefully get their email PWD. And once it’s scheduled, I’d send an email with a Skype link. I’m choosing Skype because it’s less common nowadays, doesn’t use 2FA and is linked to MSOffice accounts. Same deal, spoofed page, steal IDs, redirect. Now I have two logons and access to all of their documents and emails. Could at this point do a low-code ransom, just change their PWDs, copy their cloud, delete everything…Sucks to be a sucker
########################## E-MAIL SECTION - Entry 3 - birdbird ##########################
Hi Pat,
It was so good to connect with you at Parrot Kindergarten’s event last month. There were so many people there, but my Luly really took a shine to Linda. I need to make it back to another class. Anyways, I remember you mentioning you were looking for innovative ways to drum up some business for your bakery and I actually just got tapped to cast for a new show. Stay with me, but it’s a variation on Love is Blind and Great British Bake-Off. We’re casting for a new show called Pastry Perfect Partner. Since we’re already acquainted, I wanted to reach out to you more personally about coming on this show, if you have some time for a call. But I’ve attached the standard intro spiel I give at the bottom.
Keep this between you and me, but Paul Hollywood is the moderator! ;)
Do you want to put some time on my calendar to talk about this? Maybe we can set up a parakeet date too :) http://bit.lyz/12345abcd
Find the icing to your cake, the sprinkle to your donut, the chocolate chip to your cookie! Kinetic Love, the studio behind shows like Love is Blind, The Ultimatum, and Married at First Sight is now casting for a new show, Perfect Pastry Partner!
On this show, amazing bakers from around the world match whisks and lock lips. Will it be love at first bite, or will you need to sugar up your fellow fudge aficionados? In this competition, ten bakeries send their best to blind bake for their fellow contestants, and if it feels dulce de right-che to both of you then PPP will send you on a P-P-Perfect date!
Over a period of three weeks, you’ll be invited to make your signature pastries and pick a partner based off theirs. You’ll then be challenged to make their signature dish. Everyone will be challenged to make a few classics as well. Then, you’ll go on dates with the person whose perfect pastries you appreciate most assuming they like yours too! But twists upon twists, batman! You have no idea what they look like, your only basis for choosing a partner will be their pastry. Each week you will be blind baking in a private studio kitchen. Maybe you’ll match with a different person each time, or maybe you’ll consistently love each other’s creations. PPP challenges you to show off your personality through the art of food. Are you ready?
Although there’s no prize money, as this isn’t a competition for anything (besides love!), Pastry Perfect Partner is looking to collaborate with participating bakeries at the end to release a promotional cookbook with both signatures and notable spins on classic pastries that will be featured in the show. There will be a royalty sharing agreement and opportunity for future partnership, sponsorship, and brand deals.
As a part of the show, we’ll also be taking cameras to each bakery to give the audience a feel for who they’re rooting for in addition to several on-set interviews. We also recognize that sometimes, inspiration doesn’t strike fast so if you choose to participate, we’ll give you six weeks to prepare and perfect what you’ll be showcasing.
Please, if you have any questions don’t hesitate to email me back.
Your Custard Comrade(s),
Chun (and Luly!)
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 4 - makeithackin
########################## BACKSTORY SECTION - Entry 4 - makeithackin ##########################
On the neon-bathed stretch of the Las Vegas Strip, nestled amidst colossal casinos and world-class restaurants, lies DEFCON Custard and Cream. This dessert oasis is where creamy dreams come true for all sweet-toothed visitors, but the most amusing events are unfolding behind the scenes.
Pat Conline, the Chief Marketing Officer, is the entrepreneurial genius behind DEFCON's tantalizing marketing. Her expertise has brought a windfall of customers, each succumbing to the siren call of the delicious custard. Pat’s brilliance, however, fizzles when it comes to technology - give her a computer, and she’s as lost as a penguin in the Sahara. In her free time, she pours her affection on Linda, her pet parakeet, who Pat half-jokingly credits as her marketing muse.
Meanwhile, Johnny "Red" Packard, the Chief Information Officer, is the tech maestro behind DEFCON. With fiery red hair as vibrant as his passion for technology, Johnny ensures the company's IT systems are as smooth as their signature custard. His hands, which can fix a coding glitch as easily as they can whip up a heavenly custard, are blissfully unaware of the mischief being plotted against him.
Enter Max "Magic" Madison, a notorious prankster and lover of custard. His favorite time of the year? April Fool's Day, when he weaves his most humorous plots. Max isn't a part of DEFCON, but he happened to have lunch next to Pat and Johnny one day and overheard their conversation about work, Linda, and technology. Max's love for good humor and pranks set his eyes on hacking the company in order to generate his own custard gift cards. All he needs to do is execute some code on Pat's computer and then he'll be swimming in cream.
This year, Max has set his sights on Pat and Johnny. His plan? Draft an email to Pat, masquerading as Johnny, introducing an all-new, entirely fictitious, marketing tool. Max has studied Johnny's email style well enough to imitate it, aiming to convince Pat that the tool is real. Max will change the email headers to make it appear the email is coming from Johnny. Max knows DEFCON's email system may flag the email with an "unverified sender" label, but he's counting on Pat not spotting the difference. He's also registered a fictitious website using the new ".zip" domain, so that he can craft the URL with a legitimate domain in the beginning.
Max is counting on two things: Pat's well-known struggle with technology and her respect for Johnny's expertise. He imagines Pat, furrowing her brow and murmuring to Linda, trying to decipher the concept of this tool. Max plans to include a link that, when clicked, will execute a browser exploit on Pat's computer and give him remote code execution.
In this twist of events, the DEFCON Custard and Cream team unknowingly become the main characters in Max's phish. It's a testament to their camaraderie, proving that even amid the hustle of running a successful dessert shop, they need to be on the lookout for people that aren't so sweet.
########################## E-MAIL SECTION - Entry 4 - makeithackin ##########################
Subject: A Dollop of Imagination: Get Ready for "CustardCanvas"
Dear Pat,
Hope this email finds you well, and Linda hasn’t flown off with your custard stash again! I'm writing to you with news hotter than our freshly-made waffle cones. It seems that my coding adventures have taken a turn towards the sweet side, and I may have created something that might just be our ticket to Confectionery Hall of Fame (if there isn't one, there should be, right?)
Ladies and gentlebirds, introducing "CustardCanvas" - a tool designed to help visualize and whip up revolutionary custard flavors faster than Linda can squawk at a shiny object. We're talking peanut butter pickle swirl, orange espresso explosion, and maybe even a parakeet pistachio. Okay, maybe not that last one.
Think of CustardCanvas as a secret sauce (pun intended) to our marketing strategy. With just a few clicks, you'll be creating digital campaigns that will have our customers drooling on their keyboards and rushing to our stores. Plus, the user interface is so easy even Linda could probably navigate it - though we may need to scale down the mouse for her.
To get you acquainted with CustardCanvas, I've created a comprehensive guide. It’s so easy to understand, even our frozen custard machine could get it. You can check it out by clicking on this link.
https://DefconCustardAndCream.com/em...tardCanvas.zip
Can't wait to see what flavor frenzy you'll create with CustardCanvas. Who knows, we might end up with a DEFCON custard flavor that’s as unique and beloved as Linda's chirps in the morning!
Best,
Johnny
============================================================
-------------------------------------------------------------------------------------------------------------------------------
ENTRANT 5 - danmulvey
########################## BACKSTORY SECTION - Entry 5 - danmulvey ##########################
I figured I would take the middle path, leaning heavily on the Jester side of things. I have imagined that a small company like this would be in a shared building, so I have imagined an innocent neighboring business that I will use as my initial story. Starting here, I crafted an email chain between the neighbor (with their emergency maintenance request - tasty custard and cream seeping through the walls) and property management. I figured it wouldn't seem too out of the ordinary for property management to loop our targets in to the message in order to get to the bottom of things. Since I'm crafting this message to target the CEO I figured the combination of a drastic failure of new equipment and procedures (specifically designed to work without the presence of staff), and the blocking issue of needing approval for maintenance to enter the space, it shouldn't be too unreasonable for her to click through without noticing the clearly fake domain name. I added in that the CIO would like the "approval code", which will actually be the CEO's 2FA code - generated by passing the credentials from my malicious website to whatever account I am actually trying to access (after logging them of course!).
########################## E-MAIL SECTION - Entry 5 - danmulvey ##########################
=====================================================
Subject: Urgent Maintenance Request
From: jpackard@defconcreams.com
To: jculter@defconcreams.com
Body:
Good evening Julia,
I received a message from building management this evening and it seems that our new automated system has run into some problems. I touched base with the sales team and it seems that our wholesale team processed their usual grocery store accounts through the new automated system, which has not been tested for this type of load. Our office neighbor (bless her heart) is now battling a wave of tasty cream, and building management needs our approval to enter the space with an inspector before they can begin repairing the damaged walls. If you could log in to their maintenance portal and give approval we can get this behind us and continue working on automated cream service for our wonderful customers. Here is the link for the maintenance portal, once you approve the request please forward the confirmation code to me so that I can log this in our incident report logs.
http://defconcreanns.com/maint_request.php
Thank you!
- Red
|| Subject: RE: RE: RE: URGENT: leaking walls in multiple units
|| From: property-management@realoffices.com
|| To: jpackard@defconcreams.com
||
|| Body:
|| Mr. Packard - looping you in on this, have you noticed any irregularities in your automated cream packers?
|| || From: property-management@realoffices.com
|| || To: joanne@kittenknitten.com
|| || Subject: RE: URGENT MAINTENANCE NEEDED
|| || Body:
|| || Joanne-
|| || Thank you for notifying us of this issue. As the building is not insulated, there is no chance that your
|| || precious kittens have eaten insulation. Perhaps the business in the unit next to yours can shed some light
|| || on this. They produce creams and custards - based on the outrageous amount they are paying in rent, their
|| || product must be selling well so I am not surprised that your kittens would be enjoying the extra product
|| || that has made it to your unit. I know they are testing a new automated ordering/packing/shipping system,
|| || perhaps there are still some issues with the volume of sales during the off hours. We will send someone out
|| || immediately (with a spoon perhaps!).
|| || Thank you
|| || - Management
|| || || Forwarded From: joanne@kittenknitten.com
|| || || Subject: URGENT MAINTENANCE NEEDED
|| || || Hello Miss Krampel,
|| || || When I arrived to the office this evening to feed my cats, I noticed what seems to be some sort of
|| || || insulation expanding from the walls in my kitten knitting room. Several kittens have already eaten some
|| || || of the insulation and I am worried for their health. Without the kittens as my muses, I have no
|| || || business - so you can see how upsetting this situation is for me.
|| || || Please send someone to fix this as soon as possible, there are too many kittens for me to hold them all
|| || || and I can't stop them from licking what I assume is toxic insulation.
|| || || Thank you,
|| || || Joanne
======== END EMAIL SECTION =============================================
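Entry 5's portal link (defconcreanns.com against the sender's defconcreams.com) and Entry 2's un1v.edu sponsor link both rely on look-alike characters. The following is an added example, not part of any contest entry, of how a mail filter could flag such links by collapsing confusable characters before comparing against an allow-list. The allow-list, the substitution table, the extra "menu" URL and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the defender's allow-list. defconcreams.com is the sender domain
# shown in Entry 5; unlv.edu is assumed to be the domain Entry 2's link imitates.
TRUSTED_DOMAINS = ("defconcreams.com", "unlv.edu")

# Visually confusable substitutions (illustrative, not exhaustive), applied
# after the capital-I step in skeleton().
CONFUSABLES = (("1", "l"), ("0", "o"), ("rn", "m"), ("nn", "m"), ("vv", "w"))

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def raw_host(url):
    """Host exactly as written in the message. urlsplit().hostname would
    lowercase it and hide a capital I standing in for a lowercase l."""
    netloc = urlsplit(url).netloc
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def registrable_domain(host):
    """Last two labels; a simplification that ignores multi-label public
    suffixes such as co.uk."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def skeleton(domain):
    """Collapse look-alike characters so visually similar names compare equal."""
    s = domain.replace("I", "l").lower()
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def classify(url):
    """Return (verdict, imitated_domain_or_None) for one URL."""
    domain = registrable_domain(raw_host(url))
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", None)
    for good in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(good):
            return ("lookalike", good)
    return ("unknown", None)


def scan(message):
    """Classify every http(s) link found in a message body."""
    return {url: classify(url) for url in URL_RE.findall(message)}


# Constructed sample: links quoted from Entries 2 and 5, plus one made-up
# legitimate link (the /menu URL) for contrast.
SAMPLE = """From: jpackard@defconcreams.com
Here is the link for the maintenance portal:
http://defconcreanns.com/maint_request.php
https://www.un1v.edu/sociology/comm-outreaches
https://www.nvcreamcommission.com/VendorSignUp
https://www.defconcreams.com/menu
"""

if __name__ == "__main__":
    for url, (verdict, imitated) in scan(SAMPLE).items():
        note = f" (imitates {imitated})" if imitated else ""
        print(f"{verdict:9} {url}{note}")
```

A domain such as nvcreamcommission.com comes back as "unknown" rather than "lookalike" because it imitates nothing on the allow-list, so newly seen domains still need a separate reputation or age check.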
-------------------------------------------------------------------------------------------------------------------------------