Wes is especially motivated and passionate about dramatically improving data hunting tradecraft within the cyber security domain. He has a very broad range of technical interests, particularly in the security dimension of hardware, software, systems, and networks. His background is in security product engineering, network forensics, and machine learning. When he's not hacking the planet, he enjoys playing more golf than is healthy and painfully rooting for the Washington Capitals.
Building a Predictive Pipeline to Rapidly Detect Phishing Domains
Registering a phishing domain, requesting an SSL/TLS certificate for it, and installing that certificate on the server has become much cheaper for threat actors thanks to the Let's Encrypt certificate authority, which issues domain-validated certificates for free and automates the whole process. Detecting these new domains has always been a reactive process for security teams: just as with malware, nobody can provide threat intelligence on a phishing domain before it has been registered and operationalized.
The recent development of the Certificate Transparency log network adds an interesting dimension to how this process can be improved. Newly issued certificates, and the fully qualified domain names for which they are issued, can now be monitored in near real time as CAs append them to the public, append-only logs, which means a phishing domain often becomes visible at the moment its certificate is issued, before the site is even used. Security analysts have an intuition for what a phishing domain looks like when they see one: a well-known brand name combined with words like "login", "secure" or "verify", long hyphenated labels, and cheap top-level domains. Building a predictive pipeline that flags certificates issued to new phishing domains can be accomplished very simply with supervised machine learning, by turning that intuition into features computed over the domain name and training a classifier on labelled examples. In this talk, I'll introduce a Python-based framework for building this predictive pipeline from scratch.
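The classification stage of such a pipeline, as an added example that is not the talk's own framework: a handful of analyst-intuition features are computed over each fully qualified domain name, a logistic regression is trained on them in pure Python (no scikit-learn needed), and a triage function applies the model to the Subject Alternative Name list of a newly logged certificate. The training domains, brand and keyword lists, and suspicious-TLD list are all constructed for this illustration; fetching entries from a CT log (for example through a log's get-entries endpoint) and parsing the X.509 SANs out of them is assumed to happen upstream and is not shown.

```python
import math
import re
from collections import Counter

# Constructed labelled examples (1 = phishing-like, 0 = benign). Illustrative only;
# a real pipeline would train on analyst-confirmed verdicts from the CT feed.
TRAIN = [
    ("paypal-secure-login.com", 1),
    ("appleid-verify-account.net", 1),
    ("secure-update-bankofamerica.info", 1),
    ("login-microsoft-365-verify.xyz", 1),
    ("chase-online-banking-alert.top", 1),
    ("amazon-account-suspended.site", 1),
    ("netflix-billing-update.club", 1),
    ("dropbox-share-document-login.gq", 1),
    ("example.com", 0),
    ("github.com", 0),
    ("mail.google.com", 0),
    ("api.stripe.com", 0),
    ("blog.cloudflare.com", 0),
    ("www.wikipedia.org", 0),
    ("docs.python.org", 0),
    ("store.steampowered.com", 0),
]

# Hypothetical watch lists; in practice these come from the brands you protect.
BRANDS = ("paypal", "apple", "microsoft", "amazon", "netflix", "chase",
          "bankofamerica", "dropbox", "google")
KEYWORDS = ("login", "secure", "verify", "account", "update", "billing",
            "alert", "suspended", "signin")
SUSPICIOUS_TLDS = ("xyz", "top", "info", "site", "club", "gq", "tk", "ml", "cf", "ga")


def shannon_entropy(s):
    """Bits per character; randomly generated labels score higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def features(fqdn):
    """Encode analyst intuition about a domain name as a fixed-length vector.
    Values are loosely scaled to [0, 1] so plain gradient descent behaves."""
    d = fqdn.lower().rstrip(".")
    labels = d.split(".")
    tld = labels[-1]
    name = ".".join(labels[:-1])
    return [
        1.0,                                   # bias term
        len(d) / 40.0,                         # overall length
        d.count("-") / 4.0,                    # hyphen-joined phrases
        (len(labels) - 2) / 3.0,               # subdomain depth
        shannon_entropy(name) / 4.0,           # randomness of the name
        float(any(b in name for b in BRANDS)), # impersonated brand present
        sum(k in name for k in KEYWORDS) / 3.0,  # lure vocabulary
        float(tld in SUSPICIOUS_TLDS),         # cheap / abused TLD
        float(bool(re.search(r"\d", name))),   # digits in the name
    ]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train(data, epochs=1000, lr=0.5):
    """Batch gradient descent for logistic regression; returns the weight vector."""
    X = [features(d) for d, _ in data]
    y = [label for _, label in data]
    w = [0.0] * len(X[0])
    for _ in range(epochs):
        grad = [0.0] * len(w)
        for xi, yi in zip(X, y):
            p = sigmoid(sum(wj * xj for wj, xj in zip(w, xi)))
            for j, xj in enumerate(xi):
                grad[j] += (p - yi) * xj
        w = [wj - lr * gj / len(X) for wj, gj in zip(w, grad)]
    return w


def score(w, fqdn):
    """Probability that fqdn is phishing-like under model w."""
    return sigmoid(sum(wj * xj for wj, xj in zip(w, features(fqdn))))


def triage_certificate(w, sans, threshold=0.5):
    """Apply the model to one certificate's SAN list as it arrives from the CT log.
    Wildcards are reduced to their base name; duplicates are collapsed."""
    flagged = []
    for san in sans:
        name = san.strip().lower().rstrip(".")
        if name.startswith("*."):
            name = name[2:]
        if name and name not in flagged and score(w, name) >= threshold:
            flagged.append(name)
    return flagged


MODEL = train(TRAIN)

if __name__ == "__main__":
    # Constructed SAN list standing in for one newly logged certificate.
    sans = ["*.example.org", "secure-login-paypal-verify.xyz", "www.example.org"]
    for name in sans:
        print(f"{name:40s} {score(MODEL, name):.3f}")
    print("flagged:", triage_certificate(MODEL, sans))
```

The interesting design choice is the feature set, not the learner: a linear model over a handful of hand-built features is enough to reproduce the analyst's gut call, and it is cheap enough to run on every certificate the logs emit. The weak spot is the brand list, which is both a feature and a blind spot; a phishing domain for a brand you did not list only gets caught by the structural features, so the list needs to be maintained.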