Just like any other website, phishing sites can have security vulnerabilities.
But, for once, these security vulnerabilities are actually helpful for defenders: they can let us identify who has fallen victim to the phish, and sometimes even disrupt the site and prevent anyone else being phished.
This is a companion discussion topic for the original entry at https://phish.report/blog/top-phishing-kit-vulnerabilities
2 Likes
Since when does Phish.report have a blog?
1 Like
Only a week or two! We’ve got lots of interesting things to talk about though so expect a steady trickle of posts from now on
3 Likes
There’s a small typo in the sentence “if the logs contain identifying details, remediate comrpomised accounts”. Great blog post though!
1 Like
I’m using Burpsuite from time to time and have just found the Yara (rules) Burpsuite extension. Have you used this before?