2021 - Advanced Phishing Threats (APT) - Exploiting Modern Features by Payton Miller
- Scripts to generate permutations of Domain names that could be used for Typosquatting.
- Usage: change the company variable name within the file.
- This script could be tied to an API to assess if these Domains are available, and evaluate a heuristic "trustworthiness score" against a cost matrix to optimize the purchase of your domains.
- Further consideration, this would require a rotating proxy to retrieve any amount of meaningful data from a single resource, or dynamic querying of multiple platforms simultaneously with contextual switching. Possible, but hard to implement in a "free method".
- Insert a filename, and the file extension you would like to spoof.
- Filenames can be copied and pasted into the filename field of a file.
- Converts domain names to subdomains.
- Insert valid "long FQDN with a long URL path (and parameters?) and your domain name.
- Implement checks for length, and subdivisions.
- Presentation Slides for SATX BSides 2021.
- Updated with Modern Techniques for WWHF Hackcast.