malvertizing like a pro
TRANSCRIPT
![Page 1: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/1.jpg)
Malvertizing Like a PROA JUMP INTO THE NEWEST ATTACK VECTORTAKING IT TO THE NEXT LEVEL
![Page 2: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/2.jpg)
Introduction
• Pen-Tester with Veris Group • Previous ARMY• How to find me:
• @Killswitch_GUI• CyberSyndicates.com
![Page 3: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/3.jpg)
Warning!What I'm not:
A SME in Malware or Reverse Engineering Part of a Cyber Crime ring performing this everyday
What this is: My take on Ad based malware My journey on how I would execute it Pure speculation of what's open source
What we will cover Ad Based Malware Touch of OSINT My Campaign Methods and Failure
ALL DATA Collected using Open Source methods
![Page 4: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/4.jpg)
Overview Forming an attack based on
Strategic Malvertising using targeting principles What is Malvertising What's Malvertising vs Strategic Malvertising What makes this so important ( What don't I
already know) Potential methods it can be used to conduct social
engineering How to target specific completely unknown, specific
individuals within a demographic group? How effective it is and is it worth the resources
required?
![Page 5: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/5.jpg)
Current Malware Trends Phishing still effective Major increase in Ad Delivery - 350% Secondary and Trusted C2 being used
(Covert C2) Duke / Cloud Duke Toolsets Twitter / OneDrive / Cloud Storage
Web Exploit Kits from years ago still working C2 is becoming difficult to detect
Out of Band Communications Implied Trust (WE WILL COVER THIS)
Notable Cases : APT 29: HAMERTOSS Flash Zero Day Ad Based
![Page 6: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/6.jpg)
Talking money
Delivering malware to generate AD traffic Text / HTML AD’s Video AD’$
Delivering Randsomware Crypto
Legit Business cost publishers more than $21.8 billion in
2015 in lost revenue
![Page 7: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/7.jpg)
Impacting Legit Business
![Page 8: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/8.jpg)
What is Malvertizing? It is the use and abuse of Ad services
for attackers to deliver malicious content, using ad service providers vast network of audience. They can leverage this legitimate function to distribute their malware.
Many forms of malware based ad-ware attacks exist Compromised Ad-Companies Impersonation of legitimate companies Malware being hosted in AD’s Legitimate Targeted campaigns
![Page 9: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/9.jpg)
Core Fundamentals Major players
Google Facebook* Microsoft
Main Types of Delivery methods Social media marketing Sponsored search
Compensation methods CPM (cost per mille) CPE (cost per engagement) CPC (cost per click) CPV (cost per view)
![Page 10: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/10.jpg)
Core Fundamentals Cont. Ease of deployment (availability)
The targeting platform Is already built
Benefits of Web Ad’s: Cost – There is a reason why AD
profits are in the Billions Measurable – Powerful analytics and
cross platform support is built Targeted?
![Page 11: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/11.jpg)
Big Data Analytics Analytical engines at your finger
tips Broad – Zip code Specific – Job title
Extremely Accurate Most Ad-Delivery systems display
potential reach Target research methods
We give our data away for free..
![Page 12: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/12.jpg)
Malvertizing in the Wild AD injection:
Exploitation of routers and redirecting DNS Attacker can simply redirect normal AD
traffic query's and place their AD in play This has been used to replace Google analytics JS
code and ADs
Passive Collection of AD data capabilities of Ad / Tracking
This data can be sold or used for other Intelligence Collection Campaign's
Canadian ISP was caught MITM in 2014 stealing data from HTTP AD traffic
![Page 13: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/13.jpg)
Malvertizing in the WildExploit within AD traffic:
Using obfuscated flash exploits attacks are able to launch exploits from legit AD’s
Exploit AD Companies: Campaign is put in motion after
gaining access to AD serving organization
Redirects traffic to Exploit Kit Drop Exploit Kit of choice: Angler etc.
Begins Click Fraud activity
![Page 14: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/14.jpg)
Malvertizing in the Wild
AD Fraud Exploit Kits:Increasing dramatically!Powelike’s: later versions
sported Ad-Clicking Component Kovter:
Evolved from stand alone to fully deployable with other exploit kits like Angler, Nuclear Pack
Allows for even Flash based Video Ads to be played for high ROI
![Page 15: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/15.jpg)
Blue Team / Defenders So why should I care?
Online attack surface has greatly reduced Phishing is still Hot! Circumventing millions in security: email /
Phishing With that comes every vendor in the sector with:
Sandbox appliances Content Filtering Spam Filters
Delivery method is trusted: Do you block Twitter / Facebook / Google? Reputable sites?
AD Delivery / C2 Chanel all on one platform Good luck finding that
![Page 16: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/16.jpg)
Systematic problem
Why it isn’t a Script Kiddy solution Why it has to be funded..
It takes money to make money ROI - It makes more money than
put in? Implied Trust of many Ad-Agency’s
and sites using their services
![Page 17: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/17.jpg)
My take on AD Delivery
![Page 18: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/18.jpg)
My Methodology / Target Selection
DemographicNomination
TargetSelection
SE/OSINTResearch
Campaign Development
Reputation Development
Deployment
![Page 19: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/19.jpg)
Digging into Targeting
![Page 20: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/20.jpg)
Calculating Reach Reach is an important factor of
targeting Gives you a metric to calculate potential
demographic Need to judge a organizations size /
Facility Activity / increases or presence? Employees Geographical location
Important concept for OSINT Will I even have impact?
![Page 21: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/21.jpg)
Recon / Sampling reach
![Page 22: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/22.jpg)
Selecting a Sample Cont.
![Page 23: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/23.jpg)
OSINT Open Source Intelligence Collection
Applications Used in many types of operations
Penetration Testing Physical Assessments Targeting
Levels: Physical - Things we can touch and see Logical - Things over the wire Individual- Persona Layer / Exploiting the nature of
Humans
![Page 24: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/24.jpg)
Questions that Need to Asked
What time frame will be effective? Work Hours: After Hours:
What System will I be targeting to reach my target audience Mobile Platform:
We may even be able to target exact OS Desktop OS Laptop Users traveling?
May not be patched for a short period of time
![Page 25: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/25.jpg)
Need to deliver based on schedule? No Prob!
![Page 26: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/26.jpg)
Exploit only works on XP or exact OS, on IE ? No Prob!
![Page 27: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/27.jpg)
Mobile Exploit? Certain Mobile OS? By Brand?
![Page 28: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/28.jpg)
Exact mobile brand? Exact Model!?
Yea this is scary granularity!
![Page 29: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/29.jpg)
Power of Big Data Targeting
Small Meta-Data that is data… WIGLE
WIGLE + compromised Host = Potential Geographical location
Orientate an attacker Can be done with so many methods…
Query registry for past locations Ability to build a timeline (Forensic Capability)
Social-Mention HONEY BADGER – Tim Tomes
![Page 30: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/30.jpg)
Power of OSINT ICWATCH:
https://transparencytoolkit.org https://github.com/transparencytoolkit
![Page 31: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/31.jpg)
Don’t Suggest that but..
![Page 32: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/32.jpg)
Think Nation State? “Hacking Team” - Beat a dead
horse anyone? De Anonomonyzing Location
based on WLAN interface Un-Cloaking physical Locations
![Page 33: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/33.jpg)
Offensive Targeting Imagine a world where you could
deploy your malware only to people: Making 100k+ Work for: “fill in agency here”?
More advanced campaigns being deployed? Crime Collection
Could support the IC effort of many countries Getting into deep water..
![Page 34: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/34.jpg)
Traditional Targeting Phishing Campaigns –Social Engineering
for *clicks*
![Page 35: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/35.jpg)
Phishing Very Common / Known
Methodology Very successful on engagements
This Same principle is how I created AD’s Changing surface / Constraint of phishing
Lack ability to pin point demographics The days of dumping every user in directory using ( * )
may be gone Training increased / Trust has decreased in email TONS OF APPLIANCES protecting email! SPF Records / Correctly configured Mail servers verifying
multiple fields of mail
![Page 36: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/36.jpg)
Combined with a touch of SE
Same principles as Phishing Move over
Trending Results using Facebook Selecting SE topic Using topic
![Page 37: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/37.jpg)
That SEO thing Another Great SE technique to get a
campaign off the ground Another important aspect to SE or Any
Targeting. You wouldn't’t launch a Phishing Campaign saying
your Marketing coming from it-support.net Using SEO Tools to build (BUY):
Instant Reputation Instant Legitimacy
I attempted this but sadly during testing FB cracked down!
![Page 38: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/38.jpg)
What this means
I can now target at a: Physical Layer Logical Layer
I can correlate targets Using Demographics Location Jobs / workplace / salary etc.
![Page 39: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/39.jpg)
One Week Campaign
![Page 40: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/40.jpg)
Setup
Domain Name (Something Reliable)
VPS (Hosting) / Apache Vhost’s / Static Content
Analytics (Google-Analytics) Ad Campaign (Facebook)
$20 a campaign A good idea to SE
![Page 41: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/41.jpg)
SE AD Targets
Augusta, GA – Broad Target AD Any one in 25mi Range
Augusta, GA – Targeted Demographic AD Any one in 25mi Range Employer Specific Time Range
AD Types: Web-Site clicks Post Promotion
![Page 42: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/42.jpg)
Setup Analytics
![Page 43: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/43.jpg)
Building a Relevant Page Targets: Augusta, GA Target Demographic: Cyber /
Location Based
![Page 44: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/44.jpg)
Building AD #1 – Broad Target
Select Control :
How do I get them to take notice? Tag-Line : Needed to be something Impactful Deceiving: Had to be Believable but wont
deliver 100% truth. Enticing Image: Most important Aspect,
everyone loves images
![Page 45: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/45.jpg)
Build out Clone Site Used Httrack for cloning of legit
Data.. FB has too catch this!
![Page 46: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/46.jpg)
Build out Config Left these for testing their
“Review”
Put in some Meta Tags for Picture Population
Removed all the original Google Tracking JS so we don’t pop up under their account.
![Page 47: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/47.jpg)
Ad #1 Videos are very successful
marketing tools Can be easy wins
![Page 48: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/48.jpg)
AD #1 – Not so fast
They actually enforce some polices I found out :/
![Page 49: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/49.jpg)
AD #1 Cont.
![Page 50: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/50.jpg)
AD #1 Setup
![Page 51: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/51.jpg)
AD #1 Optimization
![Page 52: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/52.jpg)
AD #1 Optimization cont.
![Page 53: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/53.jpg)
AD 2# Setup
http://chronicle.augusta.com/news/business/2014-02-27/cyber-general-touts-benefits-fort-gordon-growth
![Page 54: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/54.jpg)
AD #2 – Targeted Demographics
Selected Topic / Control: Certain location “Fort Gordon”
Target: How do I get them to take notice?
Tag-Line : Home Values “I may have some inside knowledge”
Hint: Its about what a ton of people talk about in this area.
Deceiving: Large Increase coming! Target Details Matter for Accuracy:
Life Style Devices / Platform Work hours
![Page 55: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/55.jpg)
![Page 56: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/56.jpg)
Website? Lets test that review process:
Submit a simple WordPress page with a embedded video. Than remove for the duration of the test
Host a simple index.html with JS for GA Questions that should be asked
and how the relate to malware: Will they detect this major change? Can some one even report a shady link? How long will it stay up?
![Page 57: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/57.jpg)
AD #2 Demographics
![Page 58: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/58.jpg)
AD #2 Configurations / AD Placement
![Page 59: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/59.jpg)
AD #1 Analytics
![Page 60: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/60.jpg)
Drilling Down on Geo GA makes Geographic analytics streamlined and
Accurate down to the city 25 mi range on Augusta, GA seems pretty
accurate!
![Page 61: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/61.jpg)
Service Providers Makes tracking specific targets quite helpful Tracking user agents in GA is simple
![Page 62: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/62.jpg)
AD #2 Analytics - Web Clicks
![Page 63: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/63.jpg)
Geographic Stats
![Page 64: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/64.jpg)
(not set)
![Page 65: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/65.jpg)
Am I really Hitting my Target?
Geographically its easy to say “YES” Accurate GEOIP API services by google
What about Demographic: Harder to determine true accuracy Service Providers can be a major Identifier if they
use a certain ISP or have their own! Page Interaction can be a HUGE
identifier Likes Comments
![Page 66: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/66.jpg)
Am I really Hitting my Target? (not set)
Found 95 sessions of 273 to be (not Set) as the ISP…
Could this be proper filtering / Ammonization? Take the time and verify your results
Also always resolve domain name! This data was reassuring that I was on the right
track
![Page 67: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/67.jpg)
Am I really Hitting my Target cont.
Facebook Likes / Comments: Helps performs post analysis of
the target audience All 8x likes where affiliated with
my target audience.
![Page 68: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/68.jpg)
Putting it in Context One guy with limited funds and some time Conducted 2 Ad campaigns
Each campaign took 6 hours from OSINT to Delivery Each campaign ran one week at $20 each Campaign 1 had 143 engagements, 2k reach Campaign 2 had 219 engagements, 3k reach
Calculation: Well funded group with 10k budget for a campaign and 160
hours. On avg .09 cents per unique engagement
Potential = 26 unique AD’s , 111,111 Engagements, and 1.5M Reach!
I would consider this extremely effective mean of a targeted campaign.
![Page 69: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/69.jpg)
Major Findings Review process is a joke:
Couldn’t detect a clearly cloned website by static HTML source
The cloned website still had complete favicon / logos / static source of the cloned website
Do they even scan for malware? Continued monitoring
Set up a page and immediately removed it and replaced with a simple index.html page with JS
Ran for one week and didn't’t raise one flag? I can simply submit an ad and host malware 10 mins
latter?
![Page 70: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/70.jpg)
Are Ad-Agency’s protecting us
Google Moving to Encrypted Ads June 30th Only Protects Ad injection at the network
layer (Compromised Routers) Facebook
RiskIQ - monitoring advertising pages to protect users from malicious ads
Interesting collegial research on detecting cloned pages
![Page 71: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/71.jpg)
Getting The Most out a Campaign Tip’s
Proper recon is crucial Proper SE campaign must be
relevant with your target. Holistic view of an ad:
How do I view ad’s as a user? What do I click on and what do I not? Videos / Posts / News
CPC Compensation
![Page 72: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/72.jpg)
![Page 73: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/73.jpg)
Twitter How I Hate you Rule one: Don’t buy bots and get
caught in the Sec industry
@jaredcatkinson
![Page 74: Malvertizing Like a PRO](https://reader036.vdocuments.mx/reader036/viewer/2022070602/5879621c1a28ab1e388b66d3/html5/thumbnails/74.jpg)
Lessons Learned
Twitter is a news source not so much of a social source. Although they have just as powerful analytic
engines when it comes to AD delivery Scary Easy to run a simple yet
targeted campaign with relatively accurate results
• Big shout out to:• @Slacker007 – keelyn roberts• @Hashtagcyber – Matt Domko