BalCCon2k24

Don't ask me how I spent my first €300, I can explain the rest
2024-09-21, 16:45–17:15 (Europe/Belgrade), Tesla

Search engine advertising, a service designed to help businesses reach a wide audience, has been increasingly targeted for malicious purposes. Over a three-month period, I created a website that converts different file formats and advertised it using Google Ads. Users were informed in the Terms of Service about the data collection practices. This presentation will detail how advertising services can be misused by malicious actors to obtain private and classified documents. The entire process behind this study and the results of the advertising campaign will be explained.

Selim is an experienced Offensive Security Engineer with over a decade of expertise in red teaming and penetration testing for Fortune 500 companies. He specializes in simulating advanced persistent threats and identifying vulnerabilities to improve organizational security. He holds certifications including OSCP, OSEP, and CISSP, and tries to be an active contributor to the cybersecurity community. He is dedicated to advancing his skills and staying current with the latest trends in cyber threats and defenses