Catching Transparent Phish - Understanding and Detecting MITM Phishing Kits

Explore the evolving landscape of phishing attacks and defense mechanisms in this 58-minute conference talk. Delve into the anatomy of traditional phishing techniques and their limitations before examining the rise of Man-in-the-Middle (MITM) phishing toolkits. Analyze the threat model of MITM phishing and learn about network-level detection methods, including network timing analysis. Gain insights into MITM phishing toolkit classification, their prevalence on the web, and domain types commonly used. Investigate the lifecycle of MITM phishing websites through a case study of Palo Alto Networks. Discover server-side TLS fingerprinting techniques and explore effective countermeasures to protect against these sophisticated attacks. Conclude with a comprehensive understanding of the challenges and strategies in detecting and mitigating transparent phishing attempts.

Intro
The Value of Stolen Data
Anatomy of a Traditional Phishing Attack
Limitations of Traditional Phishing
Man-in-the-Middle (MITM) Phishing Toolkits
MITM Phishing Toolkit Threat Model
Network-Level Phishing Detection
Network Timing Analysis
MITM Phishing Toolkit Groundtruth
MITM Phishing Toolkit Classifier
MITM Phishing Toolkits on the Web
MITM Phishing Domain Types
MITM Phishing Website Lifecycle
Case Study: Palo Alto Networks
Server-side TLS Fingerprinting
Countermeasures
Conclusion