Overview
Dive into a DEF CON conference talk that exposes the technical intricacies of combating SMS phishing campaigns targeting USPS customers during the holiday season. Learn how vulnerabilities in smishing kits sold by the 'Smishing Triad' were discovered and exploited through web application testing and reverse engineering techniques. Explore the methodology used to gain access to over 40 admin panels, leading to the recovery of 390,000+ stolen credit card details and crucial information about the perpetrators, including their login IPs, usernames, and cracked passwords. Understand the step-by-step process of reverse engineering the phishing kit, identifying security flaws, and systematically collecting both victim and administrator data across more than 900 unique domains.
Syllabus
DEF CON 32 - Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back - S1nn3r
Taught by
DEFCONConference