2026-05-07 –, IFEN room 1, Workshops and Detection Engineering village (Building D)
Phishing is still the dominant attack vector, but detecting malicious sites at scale is difficult. This talk shows how open-source automation can make phishing detection fast and proactive. Using real examples from 200+ Nuclei templates, attendees will learn detection methods, template creation, and practical threat intelligence and OSINT use cases.
Phishing remains the dominant attack vector, yet detecting malicious sites at scale continues to challenge security teams. This talk demonstrates how open-source automation can transform phishing detection from a manual, reactive process into a scalable, proactive capability.
I developed and contributed 120+ phishing detection templates to the Nuclei project, enabling security teams worldwide to identify phishing sites impersonating major brands across thousands of hosts in seconds. In this session, I want to share this technique with attendees, covering the detection methodology, template creation, and practical applications for threat intelligence and OSINT research.
A live demonstration will showcase the approach in action, and attendees will leave with the knowledge to build their own detection capabilities using freely available tools.
Rishi is a London-based security researcher with experience in vulnerability research, threat intelligence, and enterprise risk analysis. His work focuses on identifying zero-day vulnerabilities and emerging CVEs, with a particular interest in building detection logic before threats are publicly weaponised.
He works across both offensive and defensive disciplines, developing threat models grounded in real-world TTPs, writing detection rules, and automating reconnaissance to uncover exposed assets at scale. Attack surface management and OSINT are areas he keeps coming back to, specifically the challenge of mapping exposure that organisations often don't know exists.
Outside of his day job, Rishi contributes to open source security tooling through Project Discovery and OWASP, part of the leadership team of the UK OSINT Community, and occasionally speaks at community events including DEF CON and BSides.