Improving dynamic phishing

Introduction

When is the last time you received a phishing email? Did you ever fall for a scam campaign? Have your credentials already been leaked?

We continuously strive to improve software security based on a better understanding of the software risks and threats by implementing prototypes in dynamic languages. In this project, we want to shed light on different phishing schemes, their flexibility, and likelihood of being unnoticed by victims. Traditional internet surf sessions are non-deterministic: Highly dependent on the surfers’ environment and mood, their web site visits become completely different and (almost) unpredictable. Therefore, such behavior requires phishing pages that can be built on demand.

State of the art

We built a prototype that can successfully phish most web sites on demand without any manual intervention. However, it still suffers from imperfections.

Problems

A few problems you’ll be confronted with:

  • Performance and reliability
  • Synchronization of state

Task

Your task is to further improve the existing phishing tool and to evaluate its performance within a safe environment.



Contact

Pascal Gadient

Last changed by gadient on 5 February 2021