PhishingKitTracker - Let's Track Phishing Kits To Give To Research Community Raw Material To Stud


News category: IT Security News
Source: feedproxy.google.com


An extensible and freshly updated collection of phishing kits for forensics and future analysis, topped with simple stats.

Disclaimer
This repository holds a collection of Phishing Kits used by criminals to steal user information. Almost every file in the raw folder is malicious, so I strongly recommend that you neither open these files nor misuse the code to prank your friends. Playing with these kits may lead to irreversible consequences that may affect anything from personal data to passwords and banking information.
I am not responsible for any damage caused by the malware inside my repository or by your negligence in general.

NB: Large File System Ahead
PhishingKitTracker is stored in Git Large File System (git-lfs) because of the large amount of data tracked. You should install git-lfs before cloning this repository.

RAW Data
The raw folder tracks the Phishing Kits in their original format. No manipulation is applied to that data. A backend script goes over harvested malicious websites (harvested from common sources) and checks whether Phishing Kits are present. In a positive case (if a Phishing Kit is found), the resulting file is downloaded and immediately added to that folder. This folder is tracked with Git Large File System since many files are bigger than 100MB. The "RAW Data" is still largely unexplored territory, and you are likely to find many interesting topics in it. Please remember to cite this work if you find something here; it would be much appreciated.

STATS
The stats folder maintains two up-to-date files:
  1. files_name holds the frequency of the file names associated with kits. In other words, every phishing kit is saved on the phishing host under a name, and files_name keeps track of every file name and its frequency. If you are wondering why I am not tracking hashes, it is because phishing kits are big compressed archives, so it would make no sense at this stage since they always differ from each other (but check the src folder for additional information).
  2. sites holds the frequency of the hosting domain names, in other words where the phishing kit was found. No duplicates are tracked, meaning that the frequency and the file names are unique. So, for example, if you see something like: 3 li.humanbiomics-project.org it means that three different Phishing Kits have been found on li.humanbiomics-project.org over time.
Both of these files are generated by simple bash scripts like the following (the sort before uniq -c is needed because uniq only counts adjacent duplicate lines):
  • ls raw/ | cut -d'_' -f1 | sort | uniq -c | sort -bgr > stats/sites.txt
  • ls raw/ | cut -d'_' -f2 | sort | uniq -c | sort -bgr > stats/files_name.txt
These scripts run on every commit, keeping the files in line with the raw folder.
On the other hand, a file called similarity.csv is provided with a tremendous delay because of the vast amount of time needed to generate it. That file provides the similarity between the tracked Phishing Kits. It is a simple CSV file, so you can import it into your favorite spreadsheet and make graphs, compute statistics or manipulate it in whatever way you prefer.

SIMILARITY.CSV structure
The similarity structure is the following: FileA,FileB,SimilarityAVG,SimilarityMin,SimilarityMax where:
  • FileA is the Phishing Kit considered in the analysis.
  • FileB is the Phishing Kit to be compared to FileA.
  • SimilarityAVG is the average similarity. That average is calculated by running the similarity check of every single (interesting) file in the Phishing Kit archive (FileA) against every single (interesting) file in the Phishing Kit archive to be compared (FileB).
  • SimilarityMin is the lowest similarity value found between PhishingKitA and PhishingKitB.
  • SimilarityMax is the highest similarity value found between PhishingKitA and PhishingKitB.
If you want to generate similarity.csv on your own, I provide a simple and dirty script in the src folder. So far it has several limitations (for example, it processes ZIP files only). Please make pull requests to improve and empower it. Every contribution would be very helpful.
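The following is an added sketch of how one similarity.csv row can be derived; it is not the repository's compute_similarity.py. It reads the interesting members of two ZIP kits in memory, so nothing from a kit is written to disk, and uses Python's difflib.SequenceMatcher as a stand-in for the project's similarity algorithm. The function names, the size cap and the sample archives are assumptions constructed for illustration.

```python
import io
import itertools
import zipfile
from difflib import SequenceMatcher

EXTENSION_FOR_ANALYSIS = ('.html', '.js', '.vbs', '.xls', '.xlsm', '.doc', '.docm', '.ps1')
MAX_MEMBER_BYTES = 1_000_000  # assumed cap on a member's declared uncompressed size

def interesting_members(zip_bytes):
    """Return {member name: text} for members matching EXTENSION_FOR_ANALYSIS."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(EXTENSION_FOR_ANALYSIS):
                continue
            if info.file_size > MAX_MEMBER_BYTES:  # skip oversized members
                continue
            found[info.filename] = zf.read(info).decode('utf-8', errors='replace')
    return found

def similarity_row(name_a, zip_a, name_b, zip_b):
    """Compare every interesting file of kit A with every interesting file of kit B."""
    files_a, files_b = interesting_members(zip_a), interesting_members(zip_b)
    scores = [SequenceMatcher(None, a, b).ratio()
              for a, b in itertools.product(files_a.values(), files_b.values())]
    if not scores:  # at least one kit had nothing comparable
        return None
    avg = sum(scores) / len(scores)
    return (name_a, name_b, round(avg, 4), round(min(scores), 4), round(max(scores), 4))

def make_zip(files):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w') as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed, harmless sample kits (not taken from the raw folder)
KIT_A = make_zip({'index.html': '<form action="post.php"><input name="user"></form>',
                  'js/check.js': 'function check(){return true;}',
                  'logo.png': 'not analysed'})
KIT_B = make_zip({'login.html': '<form action="post.php"><input name="user"></form>',
                  'readme.txt': 'not analysed'})

if __name__ == '__main__':
    print(','.join(map(str, similarity_row('siteA_kit.zip', KIT_A, 'siteB_kit.zip', KIT_B))))
```

A SimilarityMax of 1.0 alongside a lower SimilarityAVG, as in this sample, indicates that two kits share at least one identical file while the rest of their content differs.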

SRC
Please check these variables (compute_similarity.py) and change them as you wish.
EXTENSION_FOR_ANALYSIS = ['.html','.js','.vbs','.xls','.xlsm','.doc','.docm', '.ps1']
OUTPUT_FILE = 'similarity.csv'
RAW_FOLDER = '/tmp/raw/'
TEMP_FOLDER = '/tmp/tt'
Once you have changed them, you can run the script and take a long rest. It will navigate through RAW_FOLDER, grab the .zip files and try to compute the code similarity between them. At the very end it will save the results into OUTPUT_FILE. From then on you can import that file into your favorite spreadsheet processor and work on the code similarity.
So far the Python script can only compare ZIP-tracked phishing kits; support for other compressed formats is still a work in progress.
NB: The Python script is in a super early stage of development. Please help to improve it.

How to contribute
Introduce the walking script for different compression formats. In other words, if you want to contribute, you can write a new section like the following one (code_similarity.py) but for other compression extensions such as .tar.gz, .tar, .rar, .7z and so on.
import os
from zipfile import ZipFile

# Extracts Zip files based on EXTENSION_FOR_ANALYSIS. It returns the entire file
# path for future works
def extractZipAndReturnsIntereistingFiles(file_to_extract):
    interesting_files = []    # extracted members whose extension is in EXTENSION_FOR_ANALYSIS
    n_interesting_files = []  # paths of members that did not match (not extracted)
    try:
        with ZipFile(file_to_extract, 'r') as zipObj:
            listOfFileNames = zipObj.namelist()
            for fileName in listOfFileNames:
                for ext in EXTENSION_FOR_ANALYSIS:
                    if fileName.endswith(ext):
                        try:
                            zipObj.extract(fileName, TEMP_FOLDER)
                            interesting_files.append(os.path.join(TEMP_FOLDER, fileName))
                        except Exception as e:
                            # Skip members that cannot be extracted
                            continue
                    else:
                        n_interesting_files.append(os.path.join(TEMP_FOLDER, fileName))
    except Exception as e:
        # Unreadable archive: return whatever was collected so far
        return interesting_files
    return interesting_files
One more way to contribute is to make the comparison loop smarter and quicker. You might decide to parallelize the task by forking and spawning more processes, or by changing the way I use multi-threading in this quick and dirty statistics script. In conclusion, every working pull request is welcome.
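One possible shape for the .tar / .tar.gz section requested above, as an added example that is not part of the repository: because the archives are attacker-built, it writes only regular files whose resolved path stays inside the destination folder and skips links and traversal names. The function names and the sample archive are hypothetical and constructed for illustration.

```python
import io
import os
import tarfile
import tempfile

EXTENSION_FOR_ANALYSIS = ('.html', '.js', '.vbs', '.xls', '.xlsm', '.doc', '.docm', '.ps1')

def extract_tar_and_return_interesting_files(file_to_extract, temp_folder):
    """tar/tar.gz counterpart of the ZIP walker: returns paths of extracted files."""
    interesting_files = []
    root = os.path.realpath(temp_folder)
    try:
        with tarfile.open(file_to_extract, 'r:*') as tar:  # r:* auto-detects compression
            for member in tar:
                # Regular files only: symlinks, hardlinks and devices are skipped
                if not member.isfile() or not member.name.lower().endswith(EXTENSION_FOR_ANALYSIS):
                    continue
                target = os.path.realpath(os.path.join(root, member.name))
                # Refuse names that resolve outside temp_folder (../ or absolute paths)
                if os.path.commonpath([root, target]) != root:
                    continue
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(member) as src, open(target, 'wb') as dst:
                    dst.write(src.read())
                interesting_files.append(target)
    except (tarfile.TarError, OSError):
        pass  # unreadable archive: return what was extracted so far
    return interesting_files

def build_sample_tar(path):
    """Constructed sample: a benign page, a traversal name, a text file and a symlink."""
    with tarfile.open(path, 'w:gz') as tar:
        for name in ('kit/index.html', '../escape.js', 'kit/notes.txt'):
            data = b'<html>sample</html>'
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo('kit/link.js')
        link.type, link.linkname = tarfile.SYMTYPE, '../outside.js'
        tar.addfile(link)

def demo():
    with tempfile.TemporaryDirectory() as work:
        archive, out = os.path.join(work, 'sample.tar.gz'), os.path.join(work, 'out')
        os.mkdir(out)
        build_sample_tar(archive)
        found = extract_tar_and_return_interesting_files(archive, out)
        names = [os.path.relpath(p, os.path.realpath(out)) for p in found]
        return names, os.path.exists(os.path.join(work, 'escape.js'))
```

On the constructed archive only kit/index.html is extracted; the traversal entry, the symlink and the non-matching text file are skipped.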

Cite The Work
@misc{ MR,
author = "Marco Ramilli",
title = "Phishing Kits Tracker",
year = "2020",
url = "https://marcoramilli.com/2020/07/13/introducing-phishingkittracker/",
note = "[Online; July 2020]"
}

Credits
  • Alen Pavlovic for the amazing image that I borrowed from here
  • agarwalkeshav8399 for code similarity algorithms from here

