From Zero to Phishing in 60 seconds presented at BSidesTLV 2017

by Luda Lazar,

Summary : In the recent years phishing activity has grown rapidly, with thousands of phishing sites popping for a virtual moment that last weeks, days or even hours, before becoming ineffective, either getting blacklisted by security providers, or brought down by Internet providers and authorities, or (in most cases) both. In order to keep up with this dynamics, a significant portion of the phishing activity relies on phishing kits – software packages that allow quick and easy deployment of a new phishing site. In this talk we will give a glimpse to the world of phishing kits. We will present several phishing kits, and show how they facilitate easy creation of the phishing site, collection framework for the victims’ credentials, and simple configuration for the entire system. We will focus on families of kits which according to our comparison analysis are at least related to each other, or even derived from the same source.