[Advent of IOK: Day 2] Detecting domain generation algorithms

Phishing sites (hopefully) have a short lifespan before they're detected and taken down, at which point the phisher registers a new domain and starts the process all over again.

Some phishers automate this process using a script which automatically registers new domains. Once you figure out the pattern, you can quickly find every new domain, just based on the name.


This is a companion discussion topic for the original entry at https://phish.report/iok/learn/020-domain-generation

https://regex101.com/ is a great resource for testing regular expressions (and working out why they don’t match).

An example solution:

invoice-[0-9a-f]+\.web\.app
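
The example solution run over a list of hostnames, as an added example that is not part of the original posts. The sample hostnames are constructed, the helper names `normalize`, `classify` and `triage` are hypothetical, and requiring the pattern to cover the whole hostname is an assumption of this example rather than something the thread states.

```python
import re

# Pattern taken from the example solution above.
PATTERN = re.compile(r"invoice-[0-9a-f]+\.web\.app")

# Constructed sample hostnames (not real observations).
SAMPLE_HOSTNAMES = [
    "invoice-3fa9c1.web.app",              # fits the generated pattern
    "INVOICE-00AB12.web.app.",             # same shape, upper case + trailing root dot
    "invoice-portal.web.app",              # suffix is not hex
    "invoice-.web.app",                    # empty suffix, '+' needs one character
    "invoice-3fa9c1.webxapp",              # would match only if the dots were unescaped
    "invoice-3fa9c1.web.app.example.net",  # pattern is a prefix of another name
    "my-invoice-beef.web.app",             # pattern is a suffix of another name
]


def normalize(hostname):
    """Lower-case and drop the trailing root dot so equivalent names compare equal."""
    return hostname.strip().lower().rstrip(".")


def classify(hostname):
    """Return 'match', 'substring-only' or 'no-match' for one hostname."""
    name = normalize(hostname)
    # Assumption of this example: the pattern must cover the whole hostname.
    if PATTERN.fullmatch(name):
        return "match"
    if PATTERN.search(name):
        # An unanchored search would have flagged this name as well.
        return "substring-only"
    return "no-match"


def triage(hostnames):
    """Group normalized hostnames by classification."""
    groups = {"match": [], "substring-only": [], "no-match": []}
    for host in hostnames:
        groups[classify(host)].append(normalize(host))
    return groups


if __name__ == "__main__":
    for label, names in triage(SAMPLE_HOSTNAMES).items():
        print(label, names)
```

The `substring-only` group is the set of names an unanchored match would have reported in addition to the two that fit the pattern exactly.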