
New Video from @NoLimitSecu: Thomas Damonville Discusses Stalkfish, an Anti-Phishing Tool
In this episode of the NoLimitSecu podcast, Thomas Damonville, alias TAD, discusses his project Stalkfish, a tool dedicated to fighting phishing. Thomas, a cybersecurity expert with over 25 years of experience, began focusing on phishing about 8 to 9 years ago, particularly when he was working at the Assurance Maladie on phishing campaigns targeting Ameli.
Stalkfish is an open-source project that has evolved over the years. Initially, Thomas created Python tools to enrich feeds from various sources and retrieve phishing kits. These kits contain valuable information about their developers, the data exfiltration vectors, and the configurations used. Thomas explains that this information is crucial for understanding the actors behind these campaigns and anticipating their actions.
The Stalkfish OSS (Open Source Software) project is still available for free on GitHub, but Thomas has also developed a more advanced, paid version of Stalkfish, which offers additional features such as pivots on attackers' infrastructures. This version is used by CERTs, cybersecurity researchers, and companies for reputation analysis and in-depth investigations.
Thomas emphasizes the importance of focusing on the actors behind phishing campaigns rather than simply detecting and blocking malicious URLs. He explains that attackers often use bulletproof hosting, making it difficult to take control of the servers. By focusing on the actors, it is possible to better understand their methods and anticipate their next actions.
The podcast also discusses the different types of phishing sites and the varied objectives of attackers, ranging from stealing Office 365 credentials to stealing banking data or ID card scans. Thomas mentions that phishing kits are constantly evolving, with improvements in code and the use of technologies such as CMS and phishing as a service (PhaaS).
Thomas discusses the countermeasures implemented by fraudsters, such as geolocation and user agent filtering, to prevent access to phishing sites by bots or non-targeted users. He explains how he bypasses these measures to retrieve phishing kits and enrich his analyses.
Finally, Thomas shares his enthusiasm for fighting phishing and his desire to collaborate with law enforcement and companies to improve online security. He encourages listeners to subscribe to Stalkfish and to contact him via his website or social media to learn more about his projects and research.
To learn more, watch the full video: https://www.youtube.com/watch?v=1E-kJSobQDQ