PassiveTotal Thursday:
Mark Of the Web – Tracking Phish

  • Speaker(s): Caroline Yoon, RiskIQ

To generate phishing pages, attackers can simply save a copy of the login page to their local machine. By doing so, however, attackers can be easily exposed by an embedded HTML artifact called “Mark of the Web”.

In this PT Thursday, we’ll be looking into how RiskIQ pairs our component detection with extracted page attributes to help analysts uncover attacker infrastructure and phishing campaigns. Using the breadcrumbs they leave behind, such as the MarkOfTheWeb, you can pivot on data sets inside RiskIQ PassiveTotal and tap into our repository of internet data to trace the origin of phishing campaigns and their operators.

Watch today to learn:

  • How RiskIQ’s unique crawling network creates unique and correlated data sets for threat investigation
  • How you can uncover cyber attack infrastructure and attribute cyber attacks with web component data found in PassiveTotal
  • Real use cases in which analysts have leveraged the MarkOfTheWeb to uncover phishing campaigns.

Watch the Webinar