Security BSides Las Vegas 2025

Phish-Back: How to turn the problem into a solution.
2025-08-05, Tuscany

What if the solution to the major problem of identity theft was to play the same game as our opponents? Following a major crisis caused by spear phishing, we immersed ourselves in developing a defense strategy that we called “Phish-Back,” the only real technical way to recover stolen credentials that don't end up on marketplaces.

But exposing defensive phishing pages to the internet comes with many challenges. From managing dozens of fingerprinting technologies to eliminating the phenomenal noise of the internet, this talk will detail all the technical challenges we encountered and the surprising results we achieved.

As explained in the abstract, I worked as a SOC Manager for international companies for nearly 10 years. A little over two years ago, I was confronted with the worst cyber crisis management of my career due to spear phishing. I then came up with this “phish-back” strategy to finally regain technical control over the issue of identity theft, which is currently mainly managed through employee awareness.

As there has been very little public research on this topic, the team I put together has experimented and learned how to create the best defensive phishing techniques. The goal of this approach is to create fake pages exposed to the internet that would tempt attackers to try out what they have stolen in order to gain access to the network.
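The following is an added illustration of the decoy-page idea described above; it is not code from the talk or from the speaker's product. It sketches the server side of a fake login page that never authenticates anyone: every submission is classified as internet noise, a probe against a corporate identity, or a replay of a deliberately seeded canary credential (which proves the seed was stolen). The canary identities, the noise heuristics, the HMAC key, and the sample log are all constructed assumptions, and submitted passwords are only ever compared via a keyed hash, never stored.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Hypothetical key for tagging canary credentials; in practice it lives outside the source.
CANARY_SECRET = b"rotate-me-before-deploy"


def _tag(username: str, password: str) -> str:
    """Keyed hash of a credential pair so the decoy never has to store a plaintext password."""
    msg = f"{username.lower()}\x00{password}".encode()
    return hmac.new(CANARY_SECRET, msg, hashlib.sha256).hexdigest()


# Constructed canary identities: seeded into places an intruder might read (mail, docs, etc.).
# Any later use of one on the decoy page is a high-confidence signal of credential theft.
CANARIES = {
    "j.doe@example.com": _tag("j.doe@example.com", "Spring2024!"),
    "svc-backup@example.com": _tag("svc-backup@example.com", "B4ckup-R0tate"),
}

# Constructed noise heuristics: default usernames and scanner user-agents seen across the internet.
NOISE_USERNAMES = {"", "admin", "root", "test", "user", "guest", "administrator"}
SCANNER_UA_MARKERS = ("python-requests", "curl/", "zgrab", "masscan", "nmap")


@dataclass
class Verdict:
    severity: str   # "canary" | "targeted" | "noise"
    reason: str
    username: str
    src_ip: str


def classify_attempt(username: str, password: str, src_ip: str,
                     user_agent: str, corp_domain: str = "example.com") -> Verdict:
    """Classify one login submission to the decoy page. Nothing is ever authenticated."""
    user = username.strip().lower()
    ua = user_agent.lower()
    if any(marker in ua for marker in SCANNER_UA_MARKERS):
        return Verdict("noise", "scanner user-agent", user, src_ip)
    if user in NOISE_USERNAMES:
        return Verdict("noise", "default or empty username", user, src_ip)
    expected = CANARIES.get(user)
    if expected is not None and hmac.compare_digest(expected, _tag(user, password)):
        return Verdict("canary", "seeded canary credential replayed", user, src_ip)
    if user.endswith("@" + corp_domain):
        return Verdict("targeted", "corporate identity probed", user, src_ip)
    return Verdict("noise", "untargeted credential spray", user, src_ip)


def process_log(lines: list[str]) -> list[Verdict]:
    """Run the classifier over JSON-lines submissions and keep only alert-worthy verdicts."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        verdict = classify_attempt(rec["user"], rec["pass"], rec["ip"], rec["ua"])
        if verdict.severity != "noise":
            alerts.append(verdict)
    return alerts


# Constructed sample submissions, as the decoy page might log them (passwords shown only
# because this is an inline fixture; the real handler would pass them straight to _tag).
SAMPLE_LOG = [
    '{"user": "admin", "pass": "admin", "ip": "198.51.100.7", "ua": "Mozilla/5.0"}',
    '{"user": "J.Doe@example.com", "pass": "Spring2024!", "ip": "203.0.113.5", "ua": "Mozilla/5.0 (Windows NT 10.0)"}',
    '{"user": "a.smith@example.com", "pass": "hunter2", "ip": "203.0.113.9", "ua": "Mozilla/5.0"}',
    '{"user": "root", "pass": "toor", "ip": "192.0.2.1", "ua": "python-requests/2.31"}',
]

if __name__ == "__main__":
    for alert in process_log(SAMPLE_LOG):
        print(alert)
```

The three-way split is the point: most of what reaches an internet-facing page is spray and scanner traffic that must be discarded before anything is paged to a SOC, while a replayed canary is actionable on its own because the only way to know that credential is to have read the place it was planted.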

The goal of this talk is to present our work and explain to technical teams how they can implement such a strategy in their organization. There are many technical pitfalls to avoid and a huge amount of reverse engineering to anticipate in order to prevent adversaries from discovering that this is a fake gateway to the network. The 20-minute talk will consist of approximately 15 minutes of technical presentations/demos and 5 minutes of context and results.

The part that excites me the most is presenting the results we have observed over the last two years. As a technical expert and pentester, I knew the strategy was great, but I had no idea that attackers would take the bait so readily. I am very happy to present these research results and give back to the community.

You may notice that I have built a company around this strategy after working on it for many months as a side project with my team. I am passionate about cyber security above all else, and the name of our company or the products we sell will never be mentioned once in the presentation. I have attended dozens of conferences in my life, and nothing would annoy me more than seeing someone come and sell something at this type of conference. This is first and foremost a technical conference, by an enthusiast and for enthusiasts.

Former SOC Manager and Pentester with nearly 10 years of experience working with international companies, Gautier is now the CEO of a software company specializing in deception technology. Passionate about cybersecurity, he enjoys sharing his experience and research with the community.