2024-07-05, 09:20–09:55 (Europe/Paris), Amphitheater
Over the years I've been working on the phishing threat, starting from scratch, I've had to create several tools for detection, investigation of the URLs or actors behind these threats, but also material recuperation (phishing kits). Today, I'd like to introduce you to these different tools, their benefits and how they can be used on a day-to-day basis.
This talk will present a whole suite of tools created to detect, enrich and analyze phishing URLs, the hardware used and the associated ecosystem:
- PhishingKitHunter: dedicated to detecting phishing URLs using files hosted on legitimate infrastructure.
- StalkPhish-OSS: dedicated to the investigation and detection of phishing URLs using OSINT feeds, the information gathered is then enriched. This tool is particularly interesting as it collects phishing kit sources when they are left on servers.
- PhishingKit-Yara-Rules: And since using StalkPhish-OSS you may be retrieving dozens of phishing kits on a daily basis, these Yara rules (over 600 at present) enable you to sort these kits, qualify the authors and determine the nature of the information harvested.
To take things a step further, we'll look at how to exploit the various types of information gathered to uncover some of the players, and their ecosystems, behind these phishing campaigns.
Security expert, founder at StalkPhish, CERT analyst. I do tools, investigations, awareness, I try to help protect. Co-orga of 'feu' Hackito Ergo Sum and other stuff.