Overview
Explore advanced phishing detection techniques using perceptual hashing in this conference talk from AppSecUSA 2014. Delve into current approaches to combating phishing attacks and discover a novel method presented alongside a new tool. Learn about various perceptual hashing algorithms and their application in identifying malicious sites impersonating popular platforms like PayPal and Amazon. Gain insights into code collection, malicious site identification, and a browser extension designed to leverage these techniques. Understand the differences between spam and phishing, examine cybercrime costs, and critically evaluate modern anti-phishing advice. Investigate perimeter defenses, domain name strategies, and the intricacies of perceptual hashing, including quantization, resizing, and discrete cosine transform. Explore concepts such as difference hash, Hamming distance, and web rendering in the context of phishing detection. Discover optimizations and practical applications through real-world examples like the Ice Bucket Challenge.
Syllabus
Introduction
What is Phishing
Spam vs Fishing
Fishing Stats
Advancements
Cost of cybercrime
Bad modern advice
Perimeter defenses
Domain names
Perceptual hashing
Quantize
Resize
Discrete cosine transform
Difference hash
Hamming distance
Threat Glass
Web Rendering
Ice Bucket Challenge
Image Extraction
Known Good Sites
Optimizations
Taught by
OWASP Foundation