Speaker

Rutger Flohil

Ethical hacker / Red teamer @ Nederlandse Spoorwegen

Rutger Flohil began his career as a .NET developer, building a solid base in software development before switching gears to focus on cybersecurity. After gaining valuable experience in the Security Operations Center (SOC) of the Dutch TLD, he moved on to his current role as a Red Teamer at Dutch Railways (NS). Rutger enjoys the creative side of security, especially when it comes to writing offensive scripts in Python. Always curious and eager to learn, he’s passionate about discovering new techniques and fresh perspectives to tackle security challenges.

Area of Expertise

  • Information & Communications Technology

Topics

  • Red Teaming
  • Offensive Security
  • Security Research

Getting your scope in control during a Quishing Red Teaming Assessment

Red teaming can be challenging, especially when simulating real-world attacks like QR code phishing (“quishing”) within a tightly defined scope. How do you credibly launch a phishing campaign without wanting to know the specific targets, exposing sensitive information, or putting unintended users at risk?

This session offers a behind-the-scenes look at how our team tackled these constraints. We will dig into some open-source tools that can be used, some custom tweaks that we made to make it more secure and believable, and the pitfalls you can hopefully avoid.

We will walk you through our attack chain: (1) Creating a phishing poster, (2) Using a customized Evilginx instance to verify the scope, (3) Creating a believable landing page for our targets, and (4) Lessons learned and possible automated attacks.
