making security even easier

Web Vulnerability-Based Spear PhishingA Modern Combination of Tools in Cyberterrorism

I have contributed to CRC Press' "Online Terrorist Propaganda, Recruitment, and Radicalization".

This chapter describes a number of different techniques that modern attackers use to enhance phishing attacks bringing the success rate of such attacks to a significantly higher level by using advanced methods to craft phishing pages, including pages created using vulnerabilities of legitimate web applications. It reviews the methods of developing phishing pages, with attempts to make them look like genuine ones by utilizing vulnerabilities of different natures and on different levels, such as IDN name display method of browsers, web certificate issuance process imperfections, and classic cross-site scripting vulnerabilities of web applications. The chapter also describes the advanced techniques of creating phishing pages, it is important to understand the basics of phishing attacks. It reviews technologies and methods used by attackers in order to raise the success rate of attacks, as well as a number of mitigation methods in use.

More details

<< Go back to the previous page

G+ profile

follow me : github, habrahabr , linkedin
Feel free to contact me directly :
emin --at huseynov --dot com

Other projects

Google authenticator for Citrix StoreFront
Google authenticator for Citrix Web Interface 5.4
MOTP App with QR based enrolment

Not security related