I Studied information engineering at WITS and started working at Absa bank in 2015 in the cyber security team. For the last year I have been the lead developer on a SOAR tool, automating cyber security processes.
My team and I use a DevOps life cycle when implementing solutions which I plan on including in the talk. I am in the process of obtaining the OSCP certification and will (cross fingers) be getting it mid next month.
I have a passion for automating cyber security processes and believe that it will become mandatory in every cyber security team as adversary’s become more autonomous.
Title: Gollum – One anti-phish bot to rule them all
Credential phishing scams cost companies and the general public millions of Rand every year and also degrade the reputation of targeted companies. Gollum’s purpose is to detect, report and track phishing sites. It does this using website referrer logs, anti-phishing feeds and client reports to automatically find phishing targeting a brand. These sites are then reported to anti-phishing feeds which in turn populates commonly used browser black lists.
Gollum parses links and attachments from client emails, which are used to classify the email as phishing. This is achieved using image recognition applied to screenshots taken in a headless browser. Gollum also makes use of HTTP GET requests and the html of the website to decide if it is phishing. Phishing sites which fetch content from the target will appear in the targets referrer log. This is an additional resource which Gollum utilises to detect phishing. Gollum includes a Telegram bot to facilitate the reporting and verification of phishing sites. Additionally it includes a web front end for viewing statistics and loading phishing pages in a “sandbox” environment. It is written in Python, is hosted predominantly on cloud infrastructure and is deployed using Terraform and Ansible.
This tool has been in production at one of the large banks in South Africa for several months now and interesting statistics have been gathered which will be shared in the talk. Gollum is also set to be released as an open source project.