Jul 10, 2024, 08:08 PM
Drink Like a Phish, How to Make Your Phishing Sites Blend In
As you read this, bots are coming to find and destroy your phishing sites. You need to protect them before it’s too late! But how?
A phishing page is no good if our targets never get to see it. After bypassing the secure email gateway, convincing a user to click our link, and bypassing any link crawlers, the last “user outbound” control we need to circumvent is the corporate web proxy. Frequently, organizations will choose to route all of their web traffic (HTTP and HTTPS) through a proxy to block known-bad websites, monitor users, and implement data loss prevention (DLP) on web resources. For phishing, our main concern is staying off the known-bad list. That means we need to avoid being crawled by services that might categorize us as malicious and sound the alarm for others before we even send out the phishing campaign. We also need to avoid tell-tails that might trigger a proxy to identify our content as malicious in real time.
[size=1]As you read this, bots are coming to find and destroy your phishing sites. You need to protect them before it’s too late! But how?[/size]
https://posts.specterops.io/drink-like-a...e91d0b5677
A phishing page is no good if our targets never get to see it. After bypassing the secure email gateway, convincing a user to click our link, and bypassing any link crawlers, the last “user outbound” control we need to circumvent is the corporate web proxy. Frequently, organizations will choose to route all of their web traffic (HTTP and HTTPS) through a proxy to block known-bad websites, monitor users, and implement data loss prevention (DLP) on web resources. For phishing, our main concern is staying off the known-bad list. That means we need to avoid being crawled by services that might categorize us as malicious and sound the alarm for others before we even send out the phishing campaign. We also need to avoid tell-tails that might trigger a proxy to identify our content as malicious in real time.
As you read this, bots are coming to find and destroy your phishing sites. You need to protect them before it’s too late! But how?
A phishing page is no good if our targets never get to see it. After bypassing the secure email gateway, convincing a user to click our link, and bypassing any link crawlers, the last “user outbound” control we need to circumvent is the corporate web proxy. Frequently, organizations will choose to route all of their web traffic (HTTP and HTTPS) through a proxy to block known-bad websites, monitor users, and implement data loss prevention (DLP) on web resources. For phishing, our main concern is staying off the known-bad list. That means we need to avoid being crawled by services that might categorize us as malicious and sound the alarm for others before we even send out the phishing campaign. We also need to avoid tell-tails that might trigger a proxy to identify our content as malicious in real time.
[size=1]As you read this, bots are coming to find and destroy your phishing sites. You need to protect them before it’s too late! But how?[/size]
https://posts.specterops.io/drink-like-a...e91d0b5677
A phishing page is no good if our targets never get to see it. After bypassing the secure email gateway, convincing a user to click our link, and bypassing any link crawlers, the last “user outbound” control we need to circumvent is the corporate web proxy. Frequently, organizations will choose to route all of their web traffic (HTTP and HTTPS) through a proxy to block known-bad websites, monitor users, and implement data loss prevention (DLP) on web resources. For phishing, our main concern is staying off the known-bad list. That means we need to avoid being crawled by services that might categorize us as malicious and sound the alarm for others before we even send out the phishing campaign. We also need to avoid tell-tails that might trigger a proxy to identify our content as malicious in real time.