Artificial Intelligence Phishing
Code: DAP/20-07
Finished
Funding: Defence Funded Research
Start: March 2020
End: March 2024
Duration: 49 months
The predominant approach for performing an "Advanced Persistent Threat" (APT)-type attack against high-profile target organizations is through attacking an innocent internal user, that is used as a pivot point for getting a foothold inside the target network, and then performing lateral movement towards other internal resources that can provide a persistent access or are of higher value to the attacker.
Organizations with a certain cyber-security maturity level nowadays have awareness trainings as a standard part of their cyber-security management approach. As a result the internal computer users will typically have at least a minimal cyber-awareness level and will not fall for the most obvious phishing traps.
That is why attackers are moving towards evermore sophisticated spear-pishing attacks that use specifically crafted emails, as well as to modern social media channels such as Instagram direct messages, etc. We therefore need to constantly improve the cybersecurity knowledge, skills and aptitudes of our internal users so they resist to these attacks and continue to be a part of the solution rather than becoming a part of the problem.
As a contribution to this constant scaling up of the cyber awareness level of our internal users, we will develop in this project a "Social Driven Vulnerability Assessment" (SDVA) toolkit, that will allow us to evaluate to what extent our corporate users are vulnerable to targeted spear-phishing attacks, and will allow them to improve their defensive posture by receiving informative feed-back when they happened to be tricked by a specific phishing test.
SMS Phishing Python Cyber-Wise
Despite its occasional unreliability as seen here and there, SMS remains a common communication method. Before diving into Python, understanding AT commands is a good start for interfacing with a USB GSM modem. This concise guide lays out the steps to integrate SMS functionality into your projects, enabling you to utilize the power of SMS communication with ease.
ReadThis blog discusses the security of SMS in the context of 5G. In a preceding blog (https://cylab.be/blog/171/sms-based-2-factor-authentication-is-insecure), we already addressed the issue of SMS interception in 2G/3G networks and its potential consequences for 2-Factor Authentication. Here, we analyze the situation within the 5G ecosystem.
ReadSMS Phishing Python Cyber-Wise
Despite its occasional unreliability as seen here and there, SMS remains a common communication method. Before diving into Python, understanding AT commands is a good start for interfacing with a USB GSM modem. This concise guide lays out the steps to integrate SMS functionality into your projects, enabling you to utilize the power of SMS communication with ease.
ReadWith the release of Laravel 9, the Swift Mailer (that is no longer maintained) has been replaced by the Symfony Mailer. You can already find some useful information about this change along all the other ones in the Upgrade Guide from Laravel 8.x to 9.0. However this guide does not contain enough information if you want to send fully customized emails. This blog post proposes you a solution coming directly from the Symfony documentation!
Read