Managing spam, phishing and other boring tasks with your users and constituents

  • 10-17, 14:00–16:00, Schengen 1 and 2
  • 10-18, 10:00–12:00, Schengen 1 and 2

All times in Europe/Luxembourg

It is time consuming and, frankly, only moderately interesting to handle the submission and treatment of the spam and phishing messages people would like to report to you, either because it is your job or because you are that person who knows computers in your family or friend group.

In this workshop, we will show how to integrate open-source tools that will make your life easier, empower the people reporting things to you, and hopefully reduce your workload.

Please make sure before attending this workshop that you can install Python 3 software on your device, and your device should preferably be running Ubuntu 22.04 or more recent. As the workshop is relatively short and depending on how many people attend, we may not have time to do a lot of sysadmin work during the workshop.

The tools we will use are the following:

  • Lookyloo (to analyze URLs)
  • Pandora (to analyze files)
  • Lacus (optionally, to capture the URLs when you have a lot of them)
  • A URL monitoring interface (to compare a specific URL over time)
  • Phishtank Lookup (to check if a URL is known or not)

We will also see how to integrate Lookyloo and Pandora to handle the cases where the URL points to a file, and where that file is a web document or contains URLs.

Integration with 3rd party services:

  • MISP (to share the indicators)
  • Ticketing system (to manage interactions with other entities, typically take down requests)
  • Check whether a URL is known to VirusTotal, Phishtank Lookup, URLScan or URLHaus
  • Check whether a file is known to VirusTotal, MalwareBazaar, HybridAnalysis, MwDB or JoeSandbox
  • Add contextual information with SaneJS, uWhoisd, Hashlookup

Formerly a member of CIRCL, I moved to France but didn't go that far in spirit, as I'm still part of the developers and maintainers for a whole bunch of tools there. Some say it is too many; we disagree.