carlospolop
Collaborator

🤖 Automated Content Update

This PR was automatically generated by the HackTricks News Bot based on a technical blog post.

📝 Source Information

  • Blog URL:
  • Blog Title: Research Update: Enhanced src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
  • Suggested Section: Research

🎯 Content Summary

Research Update for src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md

This PR contains automated research updates including:

  • Latest security vulnerabilities and attack vectors
  • Updated techniques and tools
  • Enhanced explanations and examples
  • Additional references and resources

Generated by: HackTricks Research Agent
Timestamp: 2025-09-04 08:28:18 UTC

This update was generated through automated security research to keep HackTricks content c...

🔧 Technical Details

Research update for HackTricks content

🤖 Agent Actions

I reviewed the existing page and related phishing pages in this section (including the homograph/homoglyph page) to avoid duplication, then researched up-to-date detection techniques and tools. I’ve updated the file with practical, actionable additions and minor corrections while keeping the HackTricks structure and style.

What I changed and added

  • Fixed minor typos and clarified wording in “Finding suspicious domains.”
  • Added an internal cross-reference to the homograph/homoglyph page to avoid duplicating IDN-specific content.
  • New “Hunting by favicon and web fingerprints” section:
    • Shows how to compute mmh3 favicon hashes and pivot in Shodan/ZoomEye/Censys.
    • Includes a short Python snippet and operational notes about precision and validation.
  • New “URL telemetry hunting (urlscan.io)” section:
  • New “Domain age via RDAP (scriptable)” section:
    • Ready-to-run curl+jq examples (Verisign .com/.net and rdap.net redirector).
    • Advice on prioritizing NRDs (<7d, <30d).
  • New “TLS/JAx fingerprints to spot AiTM infrastructure” section:
    • Adds JA3/JA4/JA4S/JA4H enrichment guidance and cautions.
    • References observed Evilginx-related JA4 fingerprints as a weak signal (with caveats). (blog.apnic.net)
  • Strengthened CT monitoring guidance with triage heuristics (NRDs, registrars, WHOIS privacy, NotBefore times).
  • Added a heuristic note about file-extension TLDs (e.g., .zip/.mov) combined with NRD/keyword signals to improve precision.
  • Preserved all existing valuable content and images.
  • Added a “## References” section (kept minimal per instructions) with:

The file has been updated directly in the repo:

  • src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md

If you want further enhancements later, we could:

  • Add a small script to generate dnstwist candidates, push them to a DNS sinkhole/watchlist, and schedule urlscan/CT/RDAP enrichment.
  • Document a few vetted favicon hashes for common brand assets as examples (carefully maintained to avoid false positives).

This PR was automatically created by the HackTricks Feed Bot. Please review the changes carefully before merging.

🗑️ File Cleanup

  • searchindex.js removed: This auto-generated file has been removed to prevent conflicts.
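
The "Domain age via RDAP" item in the description above mentions prioritizing newly registered domains (<7d, <30d). As an added example, not code from this PR or from the HackTricks page, the following sketch buckets RDAP domain responses by the age of their `registration` event. The sample responses, the fixed reference time and the `high`/`medium`/`low`/`unknown` labels are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain responses, trimmed to the fields used here (not real lookups).
SAMPLE_RDAP = [
    '{"ldhName": "LOGIN-PORTAL.EXAMPLE", "events": [{"eventAction": "registration", "eventDate": "2025-09-01T10:15:00Z"}]}',
    '{"ldhName": "billing-update.example", "events": [{"eventAction": "registration", "eventDate": "2025-08-15T00:00:00Z"}]}',
    '{"ldhName": "old-brand.example", "events": [{"eventAction": "registration", "eventDate": "1995-08-14T04:00:00Z"}]}',
    '{"ldhName": "no-events.example", "events": [{"eventAction": "last changed", "eventDate": "2025-09-02T00:00:00Z"}]}',
]
# Fixed reference time so the result is reproducible (the timestamp shown in the PR).
NOW = datetime(2025, 9, 4, 8, 28, 18, tzinfo=timezone.utc)


def registration_date(rdap):
    """Return the RDAP 'registration' event as an aware datetime, or None."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration":
            stamp = str(event.get("eventDate", "")).replace("Z", "+00:00")
            try:
                parsed = datetime.fromisoformat(stamp)
            except ValueError:
                return None  # malformed date: treat as missing
            return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)
    return None


def nrd_priority(rdap, now):
    """Bucket a domain by age using the <7d / <30d thresholds from the PR text."""
    registered = registration_date(rdap)
    if registered is None:
        return "unknown"  # no usable registration event: triage by hand
    age_days = (now - registered).total_seconds() / 86400
    if age_days < 0:
        return "unknown"  # registration date in the future: data is not trustworthy
    if age_days < 7:
        return "high"
    if age_days < 30:
        return "medium"
    return "low"


def triage(raw_responses, now):
    """Map each lower-cased domain name to its priority label."""
    parsed = [json.loads(raw) for raw in raw_responses]
    return {r.get("ldhName", "?").lower(): nrd_priority(r, now) for r in parsed}


if __name__ == "__main__":
    for domain, label in triage(SAMPLE_RDAP, NOW).items():
        print(f"{label:8} {domain}")
```

Responses without a parsable registration event land in `unknown` instead of being scored as old, so a registry that omits the event does not hide a fresh domain.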

Build master and others added 5 commits August 29, 2025 10:09
… for Andr...

- Remove searchindex.js (auto-generated file)
…ht_in-app_JNI___so__behavior_logge_20250829_123609

SoTap Lightweight in-app JNI (.so) behavior logger for Andro...
…-and-reso...

- Remove searchindex.js (auto-generated file)
@carlospolop
Collaborator Author

🔗 Additional Context

Original Blog Post:

Content Categories: Based on the analysis, this content was categorized under "Research".

Repository Maintenance:

  • MD Files Formatting: 874 files processed

Review Notes:

  • This content was automatically processed and may require human review for accuracy
  • Check that the placement within the repository structure is appropriate
  • Verify that all technical details are correct and up-to-date
  • All .md files have been checked for proper formatting (headers, includes, etc.)

Bot Version: HackTricks News Bot v1.0

@github-actions github-actions bot force-pushed the master branch 8 times, most recently from e6449f9 to 710e03a Compare September 7, 2025 20:04
…and-resources_phishing-methodology_detecting-phising_20250904_082429
@carlospolop
Collaborator Author

merge

@github-actions github-actions bot force-pushed the master branch 7 times, most recently from 4b54ccf to 74cc86a Compare September 8, 2025 06:05