c0c0n 2026

c0c0n is a 19-year-old platform aimed at providing opportunities to showcase, educate, understand and spread awareness on Information Security, data protection, and privacy...

Venue & Date

c0c0n 3-Day Professional Training

Comprehensive Technical Sessions and Skill Development Workshops

Objective

This intensive 3-day workshop takes participants on a deep dive into the full phishing attack chain, from initial reconnaissance all the way through post-exploitation, detection evasion, and incident response. Building on the previous edition delivered at c0c0n 2024, this edition expands the curriculum with a dedicated third day focused on detection, defensive strategies, and incident response, while also touching on emerging attack trends.

Participants will gain hands-on experience operating real phishing toolkits and frameworks used in modern red team engagements. They will learn how to craft convincing spear-phishing campaigns, bypass multi-factor authentication using Adversary-in-the-Middle (AitM) proxies, and move laterally within an environment after a successful credential harvest. The workshop also covers how modern cloud services and identity providers fit into the phishing picture, giving participants enough context to understand the risks without requiring cloud lab access.

The workshop bridges the gap between theory and practice: every topic is paired with lab exercises, live tool demonstrations, and a final CTF challenge that simulates a full-chain phishing engagement. By the end, participants will understand both how attackers operate and how defenders can detect and disrupt each stage of the attack.

The workshop also touches on how AI and LLM tools are increasingly shaping both attack and defence. Rather than deep technical dives, the focus is on awareness: understanding what is changing in the threat landscape and what that means for detection and security awareness programmes.

Course Content / Topics (Day wise):
  • Day 1: Foundations, Reconnaissance & Lure Craft
    • Phishing evolution: threat-actor case studies and the current attack landscape
    • Email security (SPF, DKIM, DMARC): how it works and how attackers bypass it
    • OSINT and target profiling: harvesting intel from open sources
    • Email spoofing: lookalike domains, homograph attacks, sub-domain abuse
    • Infrastructure setup: domain registration, DNS, SMTP hardening, categorisation evasion
    • Lure crafting: pretexting, urgency, authority bias and how AI tools are already lowering the bar for attackers
    • Phishing toolkits in practice
    • Lab: build and run a full phishing campaign against a simulated target
  • Day 2: AitM, MFA Bypass & Post-Exploitation
    • AitM concepts: how reverse proxies steal session cookies in real time
    • Muraena and NecroBrowser: hands-on configuration and operation
    • MFA bypass: TOTP relay, push fatigue, SIM-swap context
    • Session hijacking and token replay
    • Post-exploitation: persistence, lateral movement, data exfiltration
    • BEC scenarios: account takeover to wire-fraud chain
    • How cloud identity and OAuth flows are targeted (conceptual, no cloud lab required)
    • Lab: full AitM attack - harvest tokens, replay session, post-exploit
  • Day 3: Detection, Defence & Emerging Trends
    • Defensive email stack: gateway config, DMARC enforcement, link rewriting, sandboxing
    • Blue team detection: mail flow logs, identity anomalies, SIEM rules
    • Incident response: triage, containment, token revocation, forensic artefacts
    • Security awareness programme design: metrics and what actually works
    • Attacker evasion techniques (geofencing, fingerprinting, link ageing) from a defender's perspective
    • Emerging trends: AI-generated lures, deepfake vishing - what defenders need to know
    • Final CTF: multi-stage scenario combining reconnaissance, AitM, and post-exploitation
Pre-requisite

Basic understanding of how email and web protocols work. Comfort with the Linux command line. No prior red team or penetration testing experience required, though it helps.

Participant Requirements (Hardware / Software / Cloud Accounts, etc.)

A pre-configured lab VM will be shared with registered participants ahead of the workshop. Attendees are expected to have it downloaded and running before day one.

Duration

3 days

Who should attend
    • Penetration testers and red teamers looking to sharpen their phishing tradecraft
    • Security engineers and blue teamers who want to understand phishing from the attacker's side
    • Incident responders who regularly deal with phishing-related compromises
    • Security awareness trainers who want to make their programmes more realistic and effective
What to expect
    • A fast-paced, hands-on workshop with more time in the lab than in the slides
    • Real tools used by red teams and threat actors in live engagements
    • Practical CTF challenges that reinforce each day's material
    • A structured view of the full phishing attack chain from both the attacker's and the defender's perspective
    • Awareness of how AI/LLM and deepfake techniques are shaping the threat landscape
    • Take-home lab materials, cheat sheets, and tool configurations
What not to expect
    • A general introduction to cybersecurity or basic networking concepts
    • Passive lecture-only sessions with no hands-on component
    • Coverage of topics outside the phishing domain (e.g., exploit development, binary analysis)
    • Guidance on conducting phishing attacks against unauthorised targets

Trainer

Giuseppe Trotta (ohpe)

Principal Security Researcher, Malwarebytes