Announcing KIT Intel 📣
🎉A Phishing Kit Intelligence Platform
“Understand the threat actors' playbook and capabilities”
#KITIntel
🧵 THREAD ⤵️
🎉A Phishing Kit Intelligence Platform
“Understand the threat actors' playbook and capabilities”
#KITIntel
🧵 THREAD ⤵️
KIT Intel is a tool for phishing kit research...at scale.
📁 Upload, Analyze, Cluster, and Research phishing kits like never before.
📁 Upload, Analyze, Cluster, and Research phishing kits like never before.
🔎 Phishing kits are a wealth of untapped intelligence.
If you deal with phishing you need this tool in your arsenal 👈
KIT Intel gives you the ability to hunt, pivot, and discover new phishing kit activity across our full dataset.
If you deal with phishing you need this tool in your arsenal 👈
KIT Intel gives you the ability to hunt, pivot, and discover new phishing kit activity across our full dataset.
👓 Let me show you around the tool...
🖥️ KIT Intel is all API driven.
Use the power of the command line
Plug KIT Intel straight into existing workflows
Automate, automate, automate... 🤖
🖥️ KIT Intel is all API driven.
Use the power of the command line
Plug KIT Intel straight into existing workflows
Automate, automate, automate... 🤖
KIT Intel has 3 endpoints🚦
🔴 Search- Look, hunt, and discover on any data point within a phishing kit
🟡 Submit- Push phishing kits to be analyzed and parsed. How many new kits can you discover?
🟢 Content- Download any files you want. Pull the threat actors source code SAFELY
🔴 Search- Look, hunt, and discover on any data point within a phishing kit
🟡 Submit- Push phishing kits to be analyzed and parsed. How many new kits can you discover?
🟢 Content- Download any files you want. Pull the threat actors source code SAFELY
Sounds interesting? Wait until you see what it can do live.
🔍 Let's go...!
🔍 Let's go...!
Using the free CLI tool we can easily search through all our phishing kits at once...
📂🔍
Here we are searching for a kit hash. And we can see we have a hit.
📂🔍
Here we are searching for a kit hash. And we can see we have a hit.
Next we can pull back all the files contained within that one particular phishing kit 🗄️
Anti-bot files are frequently reused in multiple kits and with KIT Intel it is trivial to see which kits share the same file overlaps 📌
We are able to search for file hashes and then see which kits contain the same files within them.
📓 We have found one particular anti-bot file has been used in over 56 unique kits.
We can now use this information moving forwards...
📓 We have found one particular anti-bot file has been used in over 56 unique kits.
We can now use this information moving forwards...
We can also use KIT Intel to search for code content. We can search every single file in every single phishing kit for a single piece of code...
🦾
🥷 Let's look for a threat actors alias - 'xbalti'
🦾
🥷 Let's look for a threat actors alias - 'xbalti'
Here we see we have hundreds of thousands of files which feature this string.
We can download this file using the content endpoint to see the raw code content 🔭
We can download this file using the content endpoint to see the raw code content 🔭
We can also perform other pivots in our data such as looking for filenames 📎
We can easily find kits which feature the same filename such as 'configg.php'
We can easily find kits which feature the same filename such as 'configg.php'
But what about directory or folder name overlaps 📁
We can search them as well!
Let's easily search for all kits which have the directory name '/ci_assetz/'
We can search them as well!
Let's easily search for all kits which have the directory name '/ci_assetz/'
📩 Now let's look at the submission part.
If we have a phishing kit we can easily push this into KIT Intel with one command.
If we have a phishing kit we can easily push this into KIT Intel with one command.
📩Interested in a trial? Send me a DM with your corporate email and I'll help you get started.
Note: KIT Intel is a commercial offering. We hope to provide a free license for individuals in the future✔️
Note: KIT Intel is a commercial offering. We hope to provide a free license for individuals in the future✔️
If you have any questions feel free to DM me.
Follow me to see more pivots and phishing KIT Intel ♻️
✅This project wouldn't have been possible without @WMCGInsights backing
Thanks!
👍
#phishing #KITIntel #phishingKits
Follow me to see more pivots and phishing KIT Intel ♻️
✅This project wouldn't have been possible without @WMCGInsights backing
Thanks!
👍
#phishing #KITIntel #phishingKits
• • •
Missing some Tweet in this thread? You can try to
force a refresh
