Introducing the Phishing Portal Catalog

At SeclarityIO, we believe that Threat Intelligence should be concrete, testable, and widely available. I can no longer count how many times I've opened up a Threat Intelligence report, only to find exceedingly vague descriptions of the TTPs discovered by the author. It has left me with the idea of something to look for, but no concrete steps in that direction. Often times the only concrete network information is IOCs, but these are exceedingly short-lived identifiers of interesting activity.

Understanding what appears in a Threat Intelligence report is one thing, but actually being able to test whether you've encountered the threat in your environment is quite another. It should be simple to go from raw threat intelligence to an understanding of how your organization is impacted.

Last but certainly not least, I have found it to be extremely difficult to confidently know whether the community has already analyzed some activity. Moreover, knowing whether or not they have identified the activity as good, bad, uninteresting, or something else is just as hard. This often leads to many analysts repeating investigations and a massive waste of already-oversubscribed resources, simply because the intelligence is not widely available.

The Start of a Journey

The challenges I laid out above have been the status quo for decades, but it's not what will allow us to gain the upper hand on adversaries far and wide. These are challenges that we intend to solve with NetworkSage, and we're beginning part 1 of that journey today. Our new resource, the Phishing Portal Catalog, aims to be a go-to resource for all analysts, researchers, and responders to:
  • Learn which phishing kits are known to the community
  • Identify which Attack Vectors are used to serve these kits
  • Review actual network samples
  • Check your environment's network data against NetworkSage
Our first phishing portal in the catalog comes directly from our recently-released Threat Intelligence report. As we collect additional portals to catalog, they will be found within our Resources menu.

If you have a phishing kit that you'd like to see included, please reach out to us on Twitter, LinkedIn, or Slack!

Additional Resources

To dig deeper into what NetworkSage has to offer, I recommend the following resources:
Or, if you just want to get out and start exploring, you can register for a free account and start submitting samples now!