Discover and read the best of Twitter Threads about #PhishingKit
Most recents (2)
(THREAD): Did you find a #phishing page or a piece of #malware using @telegram for exfil? Here are some useful techniques to grab additional intel on these artifacts. @JCyberSec_ @sysgoblin @dave_daves @PhishKitTracker @urlscanio @nullcookies @ninoseki 
1/9 Look for any strings or traffic that call out to api.telegram.org . If you see something like: 'api.telegram[.]org/bot12345:base64key/endpoint?chat_id=-12345', you're in business
:: Phishing Hunting Thread ::
This is a thread about how to hunt and find #Phishing sites.
Retweets would be great to help spread the knowledge and please add your own techniques, ideas and suggestions.
Let's go hunting!
This is a thread about how to hunt and find #Phishing sites.
Retweets would be great to help spread the knowledge and please add your own techniques, ideas and suggestions.
Let's go hunting!
Firstly we need a site to use as a pivot. I have attached a number of sources at the bottom of this thread. For demonstration purposes we will use this site ::
hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/
This is a #Phishing site against Microsoft Office
hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/
This is a #Phishing site against Microsoft Office
Initially let's see if there is a #PhishingKit or #OpenDir on the domain. Enumeration on the domain is important. This is a example of sites to load and see ::
- hxxp://www.new.froid-guyader.fr/libraries/
- hxxp://www.new.froid-guyader.fr/
- hxxp://www.froid-guyader.fr/
- hxxp://www.new.froid-guyader.fr/libraries/
- hxxp://www.new.froid-guyader.fr/
- hxxp://www.froid-guyader.fr/
