13 min

Google Event Injection - Tradecraft Security Weekly 20 Tradecraft Security Weekly (Audio)

    • Technology

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.
Links:
Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/

  • Copyright Security Weekly

Google provides the ability to automatically add events to a calendar directly from emails received by Gmail. This provides a unique situation for phishing attempts as most users haven't been trained to watch their calendar events for social engineering attempts. In this episode Beau Bullock (@dafthack) and Michael Felch (@ustayready) show how to inject events into a targets calendar using MailSniper bypassing some security controls that Google has in place.
Links:
Blog Post: https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/

13 min

  • Copyright Security Weekly

Top Podcasts In Technology

Acquired
Acquired
Ben Gilbert and David Rosenthal
All-In with Chamath, Jason, Sacks & Friedberg
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Hard Fork
Hard Fork
The New York Times
TED Radio Hour
TED Radio Hour
NPR
Lex Fridman Podcast
Lex Fridman Podcast
Lex Fridman
Darknet Diaries
Darknet Diaries
Jack Rhysider