BSidesSF 2018 has ended
Monday, April 16 • 11:00am - 11:30am
Building a Predictive Pipeline to Rapidly Detect Phishing Domains

Registering a new domain, obtaining a legitimate SSL certificate, and deploying it on a web server got much cheaper for threat actors thanks to free SSL services like Let's Encrypt. Detecting new phishing domains has always been a reactive process for security teams; just like malware, one cannot provide threat intelligence on phishing domains before they're registered and operationalized.

The development of the Certificate Transparency log network adds an interesting dimension to how this process can be improved. SSL certificates, and the domains to which they are issued, can now be monitored in real time... and security analysts already have intuition about what phishing domains look like when they see them. Building a predictive pipeline to detect SSL certificates issued to new phishing domains can be reasonably accomplished using supervised machine learning. In this talk, I'll introduce a Python-based framework for building this predictive pipeline from scratch.

Wes Connell

Security Analytics Lead, PatternEx
Wes currently leads threat research efforts for PatternEx, a security startup in Silicon Valley. He previously spent 5 years doing machine learning and intrusion analysis for a threat analytics team at Northrop Grumman. He is especially motivated and passionate for dramatically improving...

Monday April 16, 2018 11:00am - 11:30am PDT