Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Thursday December 01 2016, @02:25AM   Printer-friendly
from the bright-people-being-dim dept.

The well-known FortConsult hacker, better known as Antisnatchor (@antisnatchor), dropped the phishing kit at the Kiwicon hacking event in Wellington New Zealand last week, offering hackers tips to more successfully target businesses through the world's most popular attack vector.

Dubbed "PhishLulz", the Ruby-based toolkit builds on Orru's expertise in phishing. It spawns new Amazon EC2 cloud instances for each phishing campaign and combines a GUI from the PhishingFrenzy kit with the popular BeEF browser client-side attack framework for which he is a core developer.

It also sports a self-signed certificate authority, additional new phishing templates for various scenarios a hacker may encounter, and will in the future be even more powerful with automatic domain registration, for now limited to registrar NameCheap.

All told hackers using the toolkit will be able to send more convincing and much faster phishing emails from seemingly legitimate domains, be alerted immediately when login credentials are received, and send exploits and gain user target configuration information such as operating system and browser versions along with other running software via BeEF.

[...] Phishing emails developed with PhishLulz are designed to trick discerning targets. An impressive 40 percent of staff at an unnamed Australian Government agency opened Orru's phishing emails and sent him corporate VPN credentials during a previous security test engagement.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by purple_cobra on Thursday December 01 2016, @01:37PM

    by purple_cobra (1435) on Thursday December 01 2016, @01:37PM (#435414)

    Old man shouts at cloud!
    But seriously, it is a problem. A few sites I used to frequent and comment on either changed hands or changed design and ended-up with some unholy abomination like LiveFyre or Disqus, both of which seem to slurp in scripts from about 10 different hosts, plus the usual ad servers, trackers and other miscellaneous useless shite. The result being that for some of them, I can't comment at all without doing the suck it and see dance with uMatrix, something I'm getting increasingly bored with; while that should be a set once and forget operation once you've found the correct ones to allow, they seemingly can't keep the same code for more than a week or two before completely retooling it thereby requiring yet more fiddling with uMatrix. As the alternative is a crapflood of ads, increasing the page load time by orders of magnitude and at worst a potential drive-by, it's easier to just close the page and move on. And that's just on a desktop machine!
    So from a fellow old man shouting at clouds, I salute you.