Pass the SALT 2026

Web forensics with Lookyloo and Lacus
2026-07-01, Room LW109

Websites are complex and change all the time, so reproducing the load of a single URL is extremely tedious, especially when malicious actors don't want you to probe their infrastructure.

During this workshop, we will look at techniques used by malicious actors to trick unsuspecting users, find phishing campaigns, and see a lot of slop.


This workshop will cover the basics of Lookyloo and Lacus, the infrastructure, and use cases:

  • Capturing a website or rendering an HTML document
  • Detailing the capture settings, different browsers
  • Browser instrumentation and/or headful capture
  • Socks5 Proxies
  • Init scripts post rendering
  • Monitoring
  • Automatic reporting
  • Why use Lacus
  • Onion / I2P support

You may have attended talks or workshops about Lookyloo in the last few years, but we have implemented many new features in the last year:

  • Indexing, pivot and search across the dataset
  • Forensic acquisition with Trusted Timestamps (RFC 3161)
  • Use of iframes in the tree, export rendered iframe contents
  • Proton VPN support for proxies
  • Automatic and manual categorization on submission

Formerly a member of CIRCL, I moved to France but didn't go that far in spirit, as I'm still one of the developers and maintainers for a whole bunch of tools there. Some say it is too many; we disagree.