Blog: Top 4 security vulnerabilities we see in phishing kits

Just like any other website, phishing sites can have security vulnerabilities. But, for once, these security vulnerabilities are actually helpful for defenders: they can let us identify who has fallen victim to the phish, and sometimes even disrupt the site and prevent anyone else being phished.

This is a companion discussion topic for the original entry at

Since when does have a blog?

1 Like

Only a week or two! We’ve got lots of interesting things to talk about though so expect a steady trickle of posts from now on


There’s a small typo in the sentence “if the logs contain identifying details, remediate comrpomised accounts”. Great blog post though!

1 Like

Fixed it, thank you!

I’m using Burpsuite from time to time and have just found the Yara (rules) Burpsuite extension. Have you used this before?