Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Catching Transparent Phish - Understanding and Detecting MITM Phishing Kits

OWASP Foundation via YouTube

Overview

Explore the evolving landscape of phishing attacks and defense mechanisms in this 58-minute conference talk. Delve into the anatomy of traditional phishing techniques and their limitations before examining the rise of Man-in-the-Middle (MITM) phishing toolkits. Analyze the threat model of MITM phishing and learn about network-level detection methods, including network timing analysis. Gain insights into MITM phishing toolkit classification, their prevalence on the web, and domain types commonly used. Investigate the lifecycle of MITM phishing websites through a case study of Palo Alto Networks. Discover server-side TLS fingerprinting techniques and explore effective countermeasures to protect against these sophisticated attacks. Conclude with a comprehensive understanding of the challenges and strategies in detecting and mitigating transparent phishing attempts.

Syllabus

Intro
The Value of Stolen Data
Anatomy of a Traditional Phishing Attack
Limitations of Traditional Phishing
Man-in-the-Middle (MITM) Phishing Toolkits
MITM Phishing Toolkit Threat Model
Network-Level Phishing Detection
Network Timing Analysis
MITM Phishing Toolkit Groundtruth
MITM Phishing Toolkit Classifier
MITM Phishing Toolkits on the Web
MITM Phishing Domain Types
MITM Phishing Website Lifecycle
Case Study: Palo Alto Networks
Server-side TLS Fingerprinting
Countermeasures
Conclusion

Taught by

OWASP Foundation

Reviews

Start your review of Catching Transparent Phish - Understanding and Detecting MITM Phishing Kits

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.