Just like any other website, phishing sites can have security vulnerabilities.
But, for once, these security vulnerabilities are actually helpful for defenders: they can let us identify who has fallen victim to the phish, and sometimes even disrupt the site and prevent anyone else being phished.
This is a companion discussion topic for the original entry at https://phish.report/blog/top-phishing-kit-vulnerabilities
Since when does Phish.report have a blog?
Only a week or two! We’ve got lots of interesting things to talk about though so expect a steady trickle of posts from now on
There’s a small typo in the sentence “if the logs contain identifying details, remediate comrpomised accounts”. Great blog post though!
I’m using Burpsuite from time to time and have just found the Yara (rules) Burpsuite extension. Have you used this before?