Entries by Rodolfo Saccani

Web obfuscation technique using invisible spans

In order to delay detection, phishing and malware websites often use some obfuscation technique. Obfuscation techniques are double-edged swords. They hide the malicious content from dumb crawlers, bots and sandboxes, but smarter algorithms that know what to look for can detect the malware just by looking at it’s attempts to hide. This is one of […]

Pragmatic approach to security

This is the presentation that I used in my speech at the 2017 Security Summit in Milan. Security Summit, organized by ClusIt, is the most important security event in Italy. My speech was about protecting from unknown threats delivered via email, the focus was on the relationship between pragmatism and security. In this post I will […]

Anti-phishing techniques and tools

There is a big illicit business out there and it’s driven by a simple old trick: deception. Deception is at the base of many online black and gray activities, from click baiting to ransomware. Pair deception with email and what you get is email phishing. The target of e-mail phishing campaigns is inducing the victim […]

A real email phishing experience

There are many email phishing techniques. Some phishing campaigns are mostly automated: a phishing landing page is created and a mass phishing campaign is launched to send victims to the landing page. On the attacker side, humans start getting involved only after the victims have provided personal information to the phishing landing page. Other phishing […]

The Bot

From time to time a chatbot contacts me. If I have time, I enjoy to find out what kind of script the chatbot follows. This time it was on gtalk. As you can see from the following transcript, the chatbot didn’t care at all about my replies, it just waited for any input on my […]