Sites like phishtank and clean-mx act as crowdsourced phishing detection and validation. By knowing how to look, you can consistently find interesting information about how attackers work, and the tools they use to conduct phishing campaigns. This post will give an example of how phishing kits are used, how to find them, as well as show a case study into other tools attackers use to maintain access to compromised servers.
Introduction It’s been a while! I’ve been busy getting gophish closer and closer to beta. Should be ready soon!
Until then, here’s a quick look at some comment spam scripts I discovered when perusing through the content over at phishtank.com.
As a side note, the scripts were bundled as some Louis Vuitton spam, though that doesn’t seem to relate to the content of the spam scripts at all.
The Spam Scripts Here are the scripts - the format looks very similar to those found by Alex King. Read More