Discover and read the best of Twitter Threads about #phishingkit

Most recents (2)

(THREAD): Did you find a #phishing page or a piece of #malware using @telegram for exfil? Here are some useful techniques to grab additional intel on these artifacts. @JCyberSec_ @sysgoblin @dave_daves @PhishKitTracker @urlscanio @nullcookies @ninoseki
1/9 Look for any strings or traffic that call out to api.telegram.org . If you see something like: 'api.telegram[.]org/bot12345:base64key/endpoint?chat_id=-12345', you're in business
Read 11 tweets
:: Phishing Hunting Thread ::

This is a thread about how to hunt and find #Phishing sites.
Retweets would be great to help spread the knowledge and please add your own techniques, ideas and suggestions.

Let's go hunting!
Firstly we need a site to use as a pivot. I have attached a number of sources at the bottom of this thread. For demonstration purposes we will use this site ::

hxxp://www.new.froid-guyader.fr/libraries/sharepointcontract/

This is a #Phishing site against Microsoft Office
Initially let's see if there is a #PhishingKit or #OpenDir on the domain. Enumeration on the domain is important. This is a example of sites to load and see ::

- hxxp://www.new.froid-guyader.fr/libraries/
- hxxp://www.new.froid-guyader.fr/
- hxxp://www.froid-guyader.fr/
Read 16 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!