Red Phish, Blue Phish: Improved Phishing Detection Using Perceptual Hashing

Presented at AppSec USA 2014, Sept. 18, 2014, 2 p.m. (45 minutes)

While lacking the sex appeal of memory corruption based attacks, phishing remains a problem for many end users. Defenses against phishing have not advanced significantly. We will discuss current approaches to phishing detection, and present a new one along with accompanying tool.

We will discuss several perceptual hashing algorithms, and describe how we can leverage them to detect phishing sites masquerading as popular sites such as Paypal, Amazon, and others.

Code to collect and identify these malicious sites, and a browser extension leveraging will be explained, demonstrated and released for attendee use and study.

Presenters:

• Daniel Peck - Principle Research Scientist - Barracuda Networks
  Peck is principle research scientist at Barracuda Networks, he is currently focused on studying uses of social networks as a medium for attacks. Previous research includes comparing content and non content based systems to identify malicious accounts on Twitter/Facebook, exploiting programmable logic controllers, and identifying/classifying malicious javascript. Peck has a Bachelor's of Science in Computer Science from the Georgia Institute of Technology.

Links:

• https://owaspappsecusa2014.sched.com/event/NvwT5r/red-phish-blue-phish-improved-phishing-detection-using-perceptual-hashing
• https://www.youtube.com/watch?v=5FIpKTtyvgA

Similar Presentations:

• DerbyCon 3.0 All in the Family (2013) / Phishing Frenzy: 7 seconds from hook to sinker
• DerbyCon 3.0 All in the Family (2013) / Phishing Like The Pros
• THOTCON 0x5 (2014) / Phishing Frenzy: 7 seconds from hook to sinker