Detection engineer with an ML background. Was trying to write
about how hard it is to detect AI-generated malicious email —
ended up finding the opposite: right now, lazy threat actors are
leaving hilarious and huntable artifacts in their HTML.
Highlights: HTML comments saying "as requested," localhost in
production phishing emails, and a yellow-highlight theory I've
been finding a lot of bad stuff with.
This won't last forever — but for now it's a great hunting signal.
Highlights: HTML comments saying "as requested," localhost in production phishing emails, and a yellow-highlight theory I've been finding a lot of bad stuff with.
This won't last forever — but for now it's a great hunting signal.
reply