RuhrSec 2017: 'Teach a Man to Phish and You Feed Him for a Lifetime', Armin Buescher

preview_player
Показать описание
Phishing might seem like a simple attack vector relying on gullible users to happily give up their credentials. When digging deeper into the topic however, one will find many interesting aspects of phishing that have not been widely reported.

This talk will dive into the analysis of so-called phishing kits: archives of server-side (mostly PHP) code that can be used to quickly turn a compromised or launched server into a phishing ground for the selected target. Leveraging the phishing detection capabilities of our team, we crawled known compromised servers and were able to download over five thousand phishing kits over the last couple of months.

Being able to analyze the server-side source code of phishing pages at large scale yields insights into the workings of phishing campaigns and opens new possibilities to the motivated security researcher:
- Finding and abusing bugs in the kits
- Evading evasion
- Automating the creation of robust detection
- Geographically tracking the phishers
  1. Hackmanit – IT Security
  2. RuhrSec
Рекомендации по теме
RuhrSec 2017: 'Teach 0:37:48

RuhrSec 2017: 'Teach a Man to Phish and You Feed Him for a Lifetime', Armin Buescher

RuhrSec 2017: 'Secrets 0:43:43

RuhrSec 2017: 'Secrets of the Google Vulnerability Reward Program', Krzysztof Kotowicz

RuhrSec 2017: 'Five 0:41:06

RuhrSec 2017: 'Five Years of Android Security Research: the Good, the Bad...', Dr. Sven Bu...

RuhrSec 2017: 'SSH: 0:45:45

RuhrSec 2017: 'SSH: Beyond Confidentiality and Integrity in Practice', Prof Dr. Kenny Pate...

RuhrSec 2017: 'Black-Box 0:41:57

RuhrSec 2017: 'Black-Box Security Analysis of State Machine Implementations', Dr. Joeri de...

RuhrSec 2017: 'Keynote: 0:44:45

RuhrSec 2017: 'Keynote: How to Build Hardware Trojans', Prof. Dr. Christof Paar

RuhrSec 2018: 'The 0:31:27

RuhrSec 2018: 'The ROBOT Attack', Hanno Böck

RuhrSec 2017: 'The 0:41:29

RuhrSec 2017: 'The (In)Security of Automotive Remote Keyless Entry Systems...', Dr. David ...

RuhrSec 2016: 'The 0:43:53

RuhrSec 2016: 'The DROWN Attack', Sebastian Schinzel

RuhrSec 2017: 'How 0:39:32

RuhrSec 2017: 'How to Hack Your Printer', Jens Müller

RuhrSec 2017: 'Advanced 0:19:56

RuhrSec 2017: 'Advanced SSL/TLS Deployment Strategies', Frederik Braun

RuhrSec 2016: Opening 0:10:28

RuhrSec 2016: Opening by Marcus Niemietz

RuhrSec 2018: 'Keynote: 0:43:14

RuhrSec 2018: 'Keynote: Weird machines, exploitability and unexploitability', Thomas Dulli...

RuhrSec 2016: 'Hacking 0:45:31

RuhrSec 2016: 'Hacking with Unicode in 2016', Mathias Bynens

RuhrSec 2023 // 0:41:49

RuhrSec 2023 // CPU Fuzzing: Automatic Discovery of... Daniel Weber and Michael Schwarz

Veit Hailperin, The 0:34:16

Veit Hailperin, The Tale of a Fameless but Widespread Web Vulnerability Class - Security Fest 2016

RuhrSec 2019: 'Browser 0:38:47

RuhrSec 2019: 'Browser fingerprinting: past, present and possible future', Dr. Pierre Lape...

#days: Andrei Costin: 1:00:10

#days: Andrei Costin: Hacking Printers: 10 years of public research and lessons learned

#HITB2017AMS D1T1 - 0:56:56

#HITB2017AMS D1T1 - Drammer: The Making Of - Victor van der Veen

USENIX Enigma 2016 0:20:11

USENIX Enigma 2016 - ToStaticHTML for Everyone! About DOMPurify, ...

RuhrSec 2016: 'Eavesdropping 0:38:54

RuhrSec 2016: 'Eavesdropping on WebRTC Communication with Funny Cat Pictures', Martin John...

Hello From the 0:57:17

Hello From the Other Side: SSH Over Robust Cache Covert Channels in the Cloud

hardwear.io | Christof 0:08:05

hardwear.io | Christof Paar | Pentester Academy

BlueHat IL 2018 0:43:43

BlueHat IL 2018 - Daniel Gruss, Moritz Lipp & Michael Schwarz - The Case of Spectre and Meltdown