Demo Lab - jeopardize

  • Demo Lab - jeopardize


    Target Audience: Defense

    The Jeopardize tool was developed to provide basic threat intelligence and response capabilities against phishing domains at the lowest possible cost. It detects registered phishing domain candidates (typosquatting, homograph, etc.), analyzes them, and assigns each a risk score. It then sends valid-looking credentials to the login forms on those phishing sites. The main goals are to confuse the attackers and to buy organizations some time to take precautions.

    Detailed Explanation of Tool:
    The Jeopardize tool was developed to provide basic threat intelligence and response capabilities against phishing domains at the lowest possible cost. It detects registered phishing domain candidates (typosquatting, homograph, etc.), analyzes them, and assigns each a risk score. It then sends valid-looking credentials to the login forms on those phishing sites.

    Why? Imagine this scenario: an attacker registers a phishing domain, acmebnak.com (a typosquat of acmebank), copies the original acmebank.com login form to it, and advertises the domain via sponsored tweets. The ad and the domain will probably be marked as phishing the next day, but the attacker has already harvested credentials from users. Taking the site down after that won't help the affected users. Jeopardize provides a proactive solution to this problem: it jeopardizes the phishing form with valid-looking credentials to confuse the attacker. This buys organizations some time to take precautions.

    ATTACKER+-----advertises+
                            |                                    +---------------+
                            |                                    |               |
                   +--------v-------+   +----------------+       |               |
                   |twitter.com/ads |   |acmebnak.com    |       | 549233/ahs72  +------>FAKE
                   +----------------+   +----------------+       |               |
                   |                |   |                |       | 398273/pass1  +------>FAKE
                   |  AcmeBank      +-->+   username:    +-------+               |
                   |  Tax Refunds   |   |   password:    |       | 393823/sm283  +------>LEGIT
                   |                |   |                |       |               |
                   +--------^-------+   +----------------+       | 394837/azerb  +------>FAKE
                            |                   ^                |               |
    VICTIM USER+-----clicks-+                   |sends           |               |
                                                |fake creds      +---------------+
                                                +
                                           JEOPARDIZE


    Developer Bio: Utku Sen is a security researcher who is mostly focused on application security, network security and tool development. He has presented his tools and research at Black Hat USA Arsenal, DEF CON Demo Labs, Packet Hacking Village and Recon Village in recent years. He was also nominated for a Pwnie Award in the "Best Backdoor" category in 2016. He is currently working for HackerOne.
    PGP key: dtangent@defcon.org valid 2020 Jan 15, to 2024 Jan 01 Fingerprint: BC5B CD9A C609 1B6B CD81 9636 D7C6 E96C FE66 156A
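
The detection step described in the post (spotting typosquatting and homograph candidates such as acmebnak.com), shown as an added Python example; it is not Jeopardize's own code and not from the post's author. The homoglyph table, the first-label comparison and the sample feed are assumptions constructed for this example, and it covers only detection, not the tool's risk scoring.

```python
from typing import Optional

# Constructed homoglyph table (assumption; a real deployment needs a fuller list).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w",
              "\u0430": "a", "\u0435": "e", "\u043e": "o"}  # Cyrillic a, e, o

def skeleton(label: str) -> str:
    """Fold visually confusable sequences to a single ASCII form."""
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(candidate: str, brand: str) -> Optional[str]:
    """Return 'homograph', 'typosquat' or None for one observed domain."""
    cand = candidate.lower().rstrip(".")
    if "xn--" in cand:  # punycode, the form seen in zone files and CT logs
        cand = cand.encode("ascii").decode("idna")
    # Simplification: compare the first label only (no subdomain handling).
    c_label, b_label = cand.split(".")[0], brand.lower().split(".")[0]
    if c_label == b_label:
        return None  # the brand itself, or the same name under another TLD
    if skeleton(c_label) == skeleton(b_label):
        return "homograph"
    if osa_distance(c_label, b_label) == 1:
        return "typosquat"
    return None

def scan(observed, brand):
    """Map each flagged domain to its lookalike type."""
    hits = {d: classify(d, brand) for d in observed}
    return {d: kind for d, kind in hits.items() if kind}

if __name__ == "__main__":
    # Constructed feed of newly registered domains.
    feed = ["acmebnak.com", "\u0430cmebank.com", "acrnebank.com", "example.org"]
    print(scan(feed, "acmebank.com"))
```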