Cybersecurity Nonprofit, Security Alliance, has released a new tool to help security researchers prove crypto phishing attacks, which led to more than $ 400 million stolen in the first half of this year.
On Monday, the Security Alliance (SEAL) announced This is working with a new tool to enable “advanced users and security researchers” to join the resistance Crypto phishing By verification that a reported phishing website is malicious.
Cybersecurity researchers often do not see or replicate what users see when they encounter a potentially malicious link, such as Scammers Develop “cloaking features” to deliver a benign content to suspected web scanners, they added.
The new seal tool, called “TLS attestations and verifiable phishing reports” system, aimed at helping security researchers, will now help to prove the malicious website that actually contains the phishing content that the user claims.
“It is intended to be a tool to help experienced ‘good men’ better together, rather than the average user,” Seal told cointelegraph.
“All we need is a way to see what the user sees. After all, if someone says a URL is delivering a malicious content, we can’t take their word for it.”
How SEAL PHISHING REPORTS WORKING
The system works by having a trusted Attestation Server Act as a cryptographic oracle during the TLS connection.
Transport Layer Security (TLS) is a web protocol that ensures safe communication on a computer network by discryping data to protect it from e -blank and tampering.
Related: Venus protocol user suffers $ 13.5m loss from phishing attack
The user or researcher operates a local http proxy that interacts with connections, captures connection details and sends it to the attestation server. The server holds all operations/decryption operations while the user maintains the actual network connection.
Proven phishing reports
Users can submit “proven phishing reports,” which are cryptographically sign proofs that show itself what the content of a website served them.
Seal It can verify they are legitimately unnecessary to access the phishing sites themselves, making it more difficult for attacks to hide their malicious content.
“This is a tool intended for advanced users and security researchers only,” Seal wrote to Github Download Page.
Magazine: ‘Macro Whiplash,’ Shuffle suffers data Breach: Hodler’s Digest
