Online Becks Japan meetup features anti-phishing.
- This event will be hosted on Zoom Webinar.
- All the talks will be spoken in English.
|No Silver Bullet - The many ways to smell a Phish||Johannes Gilger (urlscan.io)||19:00-20:00 (JST) / 11:00-12:00 (CET)|
|Introduction of Lookyloo||Raphaël Vinot and Quinn Norton||20:00-21:00 (JST) / 12:00-13:00 (CET)|
No Silver Bullet - The many ways to smell a Phish (by Johannes Gilger / urlscan.io)
Credential phishing via impersonated websites has emerged as one of the most prevalent attack vectors for crime targeting both consumers and business users. The highly dynamic nature of the web, lack of central control and ease of using web technologies makes it shockingly easy for threat actors to participate in the phishing landscape. The increasing pace means that the arms race between threat actors and security professionals is no longer just about stealth but also about speed.
In this talk we will look at the current state of the art in creating phishing pages as well as detecting them. We will discuss a variety of approaches for detecting those pages, including machine-learning. We will show the challenges each approach faces and explain why a combination of approaches is necessary to achieve good coverage.
Johannes has been working in InfoSec since 2011. His fondest memories are of playing and organising attack-defense CTF tournaments during his days at the university. After graduating, Johannes spent six years in the CrowdStrike Threat Intelligence team, managing the Intelligence Automation team and their data processing pipelines. In late 2016 Johannes created urlscan.io, a service to scan and analyse websites. At the beginning of 2020, he left CrowdStrike to work on urlscan full-time.
The audience for this talk is anyone with basic understanding of web fundamentals. The talk will be especially relevant for folks in SOC, IR and Threat Intel functions who are trying to understand the challenges with detecting malicious websites and URLs.
45m + QA
Introduction of Lookyloo (by Raphaël Vinot and Quinn Norton)
Lookyloo is the app for examining how websites work and correlating their resources, it makes the complicated and chaotic world of the web visible in ways that weren't possible before.
Websites are complex and getting more so. It is often difficult for anyone to know what goes on behind the scenes when they load a URL, with resources and scripts that come into their browser from many different vendors, ad networks, or even sketchy phishing infrastructure. It helps users map what happens when you load any specific URL.
Lookyloo can be used to investigate malicious websites -- we support for 3rd party services such as urlscan.io and VirusTotal to quickly identify malicious infrastructure, as well as indexing hashes for resources. But it is also a generic platform for anyone who wants to figure out all the ressources loaded on a specific URL. Lookyloo will show you where those resources come from, and how redirects are working. This can help you investigate privacy violations, phishing infrastructure, or ad networks, as a few examples. It will also show you just how chaotic the web can be.
There is a public demo interface that can be used by anyone. But as an opensource platform, Lookyloo is meant to run inside your own network. This is especially important when you're investigating targeted attacks, and don't want to tip off the attacker by using a 3rd party service. The app also supports passing internal authentication tokens, allowing you to see sites in the "logged in" state, but we hope you keep those captures inside your organisation.
Quinn Norton is a writer who likes to hang out in the dead end alleys and rough neighborhood of the Internet, where bad things can happen to defenseless little packets. She started studying hackers in 1995, after a wasted youth of Usenet and BBSing. Her writing tends towards science and technology, and her projects tend towards supporting journalists and activists. She has covered sci/tech, copyright law, robotics, body modification, digital politics, culture, and medicine, but no matter how many times she tries to leave, she always comes back to hackers.
Raphaël Vinot is a security researcher at the Computer Incident Response Center Luxembourg (CIRCL) since 2012. Raphaël wants to increase the IT consciousness of the human beings populating the internet in order to make it safer for everyone. His day job is a mixture of forensic and malware analysis with a lot of Python on top of it to glue all the pieces together. He loves sharing and thinks everyone should contribute to open source projects.
45m + QA