SAINTCON 2016 - Chris Larsen - Phishing with Dynamite

Detect phishing attacks by recognizing unusual domain names, and learn how to create spear phishing emails that mimic legitimate websites, targeting developers' credentials.

Key takeaways
  • We can recognize phishing attacks by looking for unusual domain names, especially those that end in .zip, .date, .stream, .top, .tld. These names are often used for spear phishing that tries to get developers to reuse their credentials.
  • It’s possible to create a spear phishing email that looks innocent, even one that shows a legitimate domain name, while the URL is a fake one ending in .zip, .date, etc.
  • Domain name squatting is a common issue, where companies register domain names to resell them as subdomains. This can be used for malicious purposes, such as spear phishing.
  • We can use Unicode characters to create domain names that are difficult to recognize, making it harder to detect phishing attacks.
  • We can also use JavaScript to intercept clicks and pop up a dialogue box, making it seem like a legitimate website.
  • Spear phishing attacks are more successful when they target developers, as they tend to reuse their credentials.
  • We can use the browser console to intercept events and simulate user input, making it possible to test phishing attacks in a controlled environment.
  • Domain name squatting can be used for both legitimate and malicious purposes.
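
A defender-side check for the domain-name takeaways above, as an added example that is not from the talk: it flags hostnames under the listed TLDs and labels that carry punycode or mixed-script Unicode. The function names, the name-prefix script heuristic and the sample URLs are assumptions constructed here.

```python
import unicodedata
from urllib.parse import urlsplit

# TLDs listed in the takeaways; ".tld" is assumed to be a placeholder and left out.
SUSPICIOUS_TLDS = {"zip", "date", "stream", "top"}

def scripts_in(text):
    """Approximate the scripts used by a label's letters via Unicode name prefixes."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}

def review_url(url):
    """Return the reasons (possibly none) a URL's hostname deserves a closer look."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ["no-hostname"]
    labels = host.split(".")
    reasons = []
    if labels[-1] in SUSPICIOUS_TLDS:
        reasons.append("tld:" + labels[-1])
    for label in labels:
        text = label
        if label.startswith("xn--"):
            # IDN labels travel as punycode; decode to see what a user would be shown.
            try:
                text = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                reasons.append("bad-punycode:" + label)
                continue
            reasons.append("punycode:" + label)
        if not text.isascii():
            scripts = scripts_in(text)
            if len(scripts) > 1:
                reasons.append("mixed-script:" + "+".join(sorted(scripts)))
            else:
                reasons.append("non-ascii")
    return reasons

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the talk.
    lookalike = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii")
    for url in ("https://example.com/docs",
                "https://release-notes.zip/v2",
                "https://ex\u0430mple.top/login",
                "https://" + lookalike + ".com/login"):
        print(url, "->", review_url(url) or "ok")
```

A non-empty result is a prompt for review rather than a verdict, since legitimate sites also use these TLDs and internationalized names.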