Artificial Intelligence Phishing
Code: DAP/20-07
Active
Funding: Defence Funded Research
Start: March 2020
End: March 2024
The predominant approach for performing an "Advanced Persistent Threat" (APT)-type attack against high-profile target organizations is through attacking an innocent internal user, that is used as a pivot point for getting a foothold inside the target network, and then performing lateral movement towards other internal resources that can provide a persistent access or are of higher value to the attacker.
Organizations with a certain cyber-security maturity level nowadays have awareness trainings as a standard part of their cyber-security management approach. As a result the internal computer users will typically have at least a minimal cyber-awareness level and will not fall for the most obvious phishing traps.
That is why attackers are moving towards evermore sophisticated spear-pishing attacks that use specifically crafted emails, as well as to modern social media channels such as Instagram direct messages, etc. We therefore need to constantly improve the cybersecurity knowledge, skills and aptitudes of our internal users so they resist to these attacks and continue to be a part of the solution rather than becoming a part of the problem.
As a contribution to this constant scaling up of the cyber awareness level of our internal users, we will develop in this project a "Social Driven Vulnerability Assessment" (SDVA) toolkit, that will allow us to evaluate to what extent our corporate users are vulnerable to targeted spear-phishing attacks, and will allow them to improve their defensive posture by receiving informative feed-back when they happened to be tricked by a specific phishing test.
With the release of Laravel 9, the Swift Mailer (that is no longer maintained) has been replaced by the Symfony Mailer. You can already find some useful information about this change along all the other ones in the Upgrade Guide from Laravel 8.x to 9.0. However this guide does not contain enough information if you want to send fully customized emails. This blog post proposes you a solution coming directly from the Symfony documentation!
ReadSecure Software Development GitLab PHP Cyber-Wise
Learn how to secure any project with the GitLab SAST analyzers and easily separate the false positives from the real threats that should be addressed before deploying the project.
ReadDid you know that mysqldump can create inconsistent backups if you do not use database transactions in Laravel? Let's discover that issue and address it in order to avoid it. After setting up and running locally a Laravel project that will serve as a demo for that specific issue, we will observe the necessity of using transactions and how to implement them. We'll also discover many more tips while trying to understand what happens under the MySQL hood.
ReadOptimizing you web app from the browser side is an important concern, to provide a pleasant experience to your users. It will also reduce the traffic on your servers. In this post we show how to implement static content caching and cache busting on a Laravel application.
Read