Google Event Injection - Tradecraft Security Weekly 20 Tradecraft Security Weekly (Audio)
-
- Technology
Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.
Links:
Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.
Links:
Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
13 min