How to tell a phishing exercise domain is a phishing exercise domain: The SSL certificate specifies a Subject Alternative Names list that is a fucking novel.
da_667 (da_667@infosec.exchange)'s status on Saturday, 11-Oct-2025 04:45:19 JST
da_667
prettygood likes this.
GreenSkyOverMe (Monika) repeated this.
da_667 (da_667@infosec.exchange)'s status on Saturday, 11-Oct-2025 04:46:19 JST
da_667
DA, you loveable scamp, how is this done?
Grab the e-mail address/domain from the suspected phishing e-mail and input it into VirusTotal. Click on details for the domain, and pay attention to the "Last HTTPS Certificate" section. See if the Subject Alternative Name section looks like War and Peace.
Done deal.
Phishing exercise orgs are the only ones who do this, because bad guys just use Let's Encrypt.
prettygood likes this.
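An added example of the check described above, automated against a certificate rather than read off a VirusTotal page; it is not da_667's code. It walks DER to find the subjectAltName extension (OID 2.5.29.17), collects the dNSName entries and flags the certificate when the list is longer than a threshold. The minimal DER walker, the threshold of 25 names, and the 40 constructed `training-NN.example.test` sample names are all assumptions made for this example; on a real DER certificate (for instance one saved from VirusTotal or produced with `openssl x509 -outform DER`) the same `find_san_dns_names` function applies.

```python
"""Added example: locate the subjectAltName extension in DER and flag
oversized dNSName lists, the heuristic described in the post above.
The DER walker is a minimal one written for this example; the threshold
and the sample names are assumptions, not values from the post."""

SAN_OID = bytes.fromhex("551d11")   # OID 2.5.29.17 (subjectAltName), DER-encoded
SAN_THRESHOLD = 25                  # assumption: tune for your own environment


def _read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(buf: bytes):
    """Yield the direct (tag, value) children of a constructed element."""
    pos = 0
    while pos + 1 < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        yield tag, value


def _walk(buf: bytes):
    """Depth-first traversal of every element, descending into constructed ones."""
    for tag, value in _children(buf):
        yield tag, value
        if tag & 0x20:                       # constructed bit set: descend
            yield from _walk(value)


def find_san_dns_names(der: bytes) -> list[str]:
    """Return the dNSName entries of the subjectAltName extension, or []."""
    for tag, value in _walk(der):
        if tag != 0x30:                      # an Extension is a SEQUENCE
            continue
        kids = list(_children(value))
        if not kids or kids[0][0] != 0x06 or kids[0][1] != SAN_OID:
            continue
        # extnValue is the OCTET STRING holding a GeneralNames SEQUENCE
        ext_value = next(v for t, v in kids if t == 0x04)
        _, general_names, _ = _read_tlv(ext_value, 0)
        return [v.decode("ascii") for t, v in _children(general_names)
                if t == 0x82]                # [2] IMPLICIT IA5String = dNSName
    return []


def san_summary(der: bytes, threshold: int = SAN_THRESHOLD) -> dict:
    """Count SAN dNSNames and flag the cert when the list exceeds the threshold."""
    names = find_san_dns_names(der)
    return {"count": len(names),
            "flagged": len(names) > threshold,
            "sample": names[:3]}


# --- helpers that build a SAN extension, so the example runs offline ---

def _tlv(tag: int, value: bytes) -> bytes:
    """DER-encode one tag-length-value, using long-form length when needed."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


def build_san_extension(names: list[str]) -> bytes:
    """Construct [3] Extensions { SEQUENCE { OID, OCTET STRING { GeneralNames } } }."""
    general_names = _tlv(0x30, b"".join(_tlv(0x82, n.encode("ascii")) for n in names))
    extension = _tlv(0x30, _tlv(0x06, SAN_OID) + _tlv(0x04, general_names))
    return _tlv(0xA3, _tlv(0x30, extension))


# Constructed sample: 40 hypothetical training domains under the reserved .test TLD.
SAMPLE_NAMES = [f"training-{i:02d}.example.test" for i in range(40)]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                    # real cert: `openssl x509 -outform DER`
        with open(sys.argv[1], "rb") as fh:
            print(san_summary(fh.read()))
    else:
        print(san_summary(build_san_extension(SAMPLE_NAMES)))
        print(san_summary(build_san_extension(["www.example.test"])))
```

The threshold is deliberately a parameter: large CDN or SaaS hosts legitimately carry long SAN lists, so the count is a triage signal to combine with the other clues in the thread (who issued the certificate, whether the domain was registered recently), not a verdict on its own.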
da_667 (da_667@infosec.exchange)'s status on Saturday, 11-Oct-2025 04:46:20 JST
da_667
This is the third time I've gotten a phishing exercise e-mail in which this has happened, and it's hilarious every single time because I get to map your company's entire list of phishing domains.
prettygood likes this.