A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Building a Predictive Pipeline to Rapidly Detect Phishing Domains - Wes Connell (BSidesCharm 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

Building a Predictive Pipeline to Rapidly Detect Phishing Domains

Wes Connell
@wesleyraptor

BSidesCharm 2018
http://www.bsidescharm.com

Registering a new domain, requesting an SSL certificate, and installing it on the server got much cheaper for threat actors thanks to the LetsEncrypt Certificate Authority. Detecting new phishing domains has always been a reactive process for security teams; just like malware, one cannot provide threat intelligence on phishing domains before they're registered and operationalized. The development of CertStream adds an interesting dimension for how this process can be improved. SSL certificates, and the domains for which they are issued, can now be monitored in real-time. Security analysts have intuition on what a phishing domain looks like when they see it. Building a predictive pipeline to detect SSL certificates issued to new phishing domains can be accomplished very simply using supervised machine learning. In this talk, I'll introduce a Python-based framework for building this predictive pipeline from scratch.

Wes is especially motivated and passionate for dramatically improving data hunting tradecraft within the cyber security domain. He has a very broad range of technical interests - particularly in the securing hardware, software, systems, and networks. When he's not hacking the planet, he enjoys playing more golf than is healthy and painfully rooting for the Washington Capitals.

Back to BSidesCharm 2018 list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast