How to Investigate Phishing Campaigns

This is intended to be a comprehensive walkthrough of an OSINT-based methodology the speaker uses for investigating phishing websites: * Checking IP addresses - their basic details, reputation, associated services and domains, etc. * Researching DNS records and DnS variations * Examining the technology stack - what makes a particular website and what clues can be found within * Webpage SHA256 hash examination - when can it be useful, when it can't and why * Google tags examination and related metadata (if present) * Security certificates - what makes them useful for OSINT * Navigating the webpage's source code / "the F12 hacking" * Favicon search * Other forms of interaction for gleaning live data (where applicable) To read Maciej's blog post about a large phishing campaign using a Kr3pto phishkit - https://ift.tt/bS9Y4ED About the Speaker Maciej Makowski - Infosec & OSINT blogger. Ex law enforcement. Graduate of University College Dublin and National College of Ireland. Author of osintme.com, a blog on OSINT & digital privacy. View upcoming Summits: https://ift.tt/tQ07u6R Download the presentation slides (SANS account required) at https://ift.tt/RXAucZE #OSINTSummit #OSINT
For more hacking info and tutorials visit: https://ift.tt/yHfOCaN
Hello and welcome to the temple of cybersecurity. Now you are watching How to Investigate Phishing Campaigns published at May 26, 2022 at 02:00AM. If you are looking for tutorials and all the news about the world of hacking and computer security, you have come to the right place. We invite you to subscribe to our newsletter in the box at the top and to follow us on our social networks:
NFT store: https://mintable.app/u/cha0smagick
Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/5SmaP39rdM



Ignore tags:
#hacking,#infosec,#tutorial,#bugbounty,#threat,#hunting,#pentest,#hacked,#ethical,#hacker,#cyber,#learn,#security,#computer,#pc,#news