Your credentials were leaked, so what?
Information on this media
Every day, all of us are flooded with phishing emails that impersonate well-known brands (Netflix, DHL, Microsoft, Google, Facebook & co). Some phishing campaigns are poorly prepared and easy to spot. Others are really well crafted and, let's be honest, who has never clicked on a malicious link? If the flood is constant, it means that it works! Threat actors expect to get our credentials. But is it really the case? How fast do they react once we have disclosed them? That's the purpose of our research.

We developed a tool, called PhishTrack, that behaves as a honeypot but with more interaction with phishing kits. The tool is fed with phishing URLs. They are visited, categorized and, if possible, we provide unique credentials. Then we monitor the honeypot and expect (fingers crossed) that our credentials will be re-used. We simulate classic landing pages and protocols: a web portal, MS account, VPN login, VNC, SSH, RDP (and maybe more soon). As an example, our current record is 3 minutes between the phishing page visit and the attempt to (ab)use the credentials from Nigeria. The talk will be split in two parts. First, we will introduce the tool: its core components, how it works and how we deployed it. The second part will be a review of our findings.
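The unique-credential idea described above can be sketched as follows. This is an added example, not PhishTrack's code: the HMAC-based derivation, the `make_credential` and `correlate` names, the log tuple layout and all sample data are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime

KEY = b"constructed-demo-key"  # assumption: per-deployment secret, constructed here

def make_credential(phish_url, domain="corp.example"):
    """Derive a unique, reproducible decoy login for one phishing URL."""
    tag = hmac.new(KEY, phish_url.encode(), hashlib.sha256).hexdigest()
    return f"u{tag[:8]}@{domain}", tag[8:24]

def correlate(submissions, auth_events):
    """Map honeypot login attempts back to the phishing URL that leaked them."""
    planted = {}
    for ts, url in submissions:
        user, password = make_credential(url)
        planted[user] = (datetime.fromisoformat(ts), url, password)
    hits = []
    for ts, service, src_ip, user, password in auth_events:
        if user not in planted:
            continue  # unrelated brute-force noise, never handed to a kit
        submitted_at, url, planted_pw = planted[user]
        delay = (datetime.fromisoformat(ts) - submitted_at).total_seconds()
        hits.append({
            "url": url, "service": service, "src_ip": src_ip,
            "delay_s": delay,
            # False means the decoy username is being tried with other passwords
            "password_match": hmac.compare_digest(password, planted_pw),
        })
    return hits

# Constructed sample data (RFC 2606 names, RFC 5737 addresses).
URL_A = "https://login-portal.example/ms/"
URL_B = "https://parcel-track.example/dhl/"
SUBMISSIONS = [("2026-01-10T09:00:00", URL_A), ("2026-01-10T09:05:00", URL_B)]
USER_A, PW_A = make_credential(URL_A)
AUTH_EVENTS = [
    ("2026-01-10T09:01:10", "ssh", "198.51.100.7", "root", "123456"),
    ("2026-01-10T09:12:00", "web", "203.0.113.40", USER_A, PW_A),
    ("2026-01-10T10:30:00", "rdp", "203.0.113.41", USER_A, "Winter2026!"),
]

if __name__ == "__main__":
    for hit in correlate(SUBMISSIONS, AUTH_EVENTS):
        print(hit)
```

Because each decoy username is tied to exactly one phishing URL, any later login with it identifies which kit leaked it and how long the operators took to act.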