Hunting Phish Kits

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, 3 p.m. (30 minutes)

New phishing websites are setup every few seconds with intentions on stealing your credentials, infecting your system, or convincing you via social engineering. Most of these sites are distributed and deployed through (mostly crude) automation which usually results in attackers leaving their kits behind. During this talk we will walk through what phish kits are, why they are important for security research, and how you can automate identifying these kits in the wild.

Presenters:

• Josh Rickard
  Josh Rickard serves as a security research engineer at Swimlane. He is a GIAC Certified Windows Security Administrator (GCWN) and GIAC Certified Forensic Analyst (GCFA). He has a diverse background ranging from system administration to digital forensics and incident response to managing teams and products. As a Windows security expert, Josh focuses on creating tools to help defend and automate everyday processes using PowerShell and Python. You can engage with Josh via his blog, letsautomate.it, or Twitter at @MSAdministrator.

Links:

• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Hunting Phish Kits Josh Rickard.mp4
• https://infocon.org/cons/DerbyCon/DerbyCon 9 2019/Hunting Phish Kits Josh Rickard.eng.srt (subtitles)
• https://www.youtube.com/watch?v=bLBRwVNs1R8

Similar Presentations:

• VB2016 / Inside Exploit Kits
• Hackfest 2016 / Exploit Kits: The Biggest Threat You Know Nothing About
• GrrCON 2018 / Murky Waters: Diving into Phishing Kits