PhishLabBR is a repository focused on gathering and analyzing phishing strategies and tactics specifically targeting Brazilian companies and banks. The goal is to create a reference point for researchers, security professionals, and enthusiasts interested in the unique methods used in phishing attacks within the Brazilian financial ecosystem.
Phishing is a type of cyber attack where attackers disguise themselves as trustworthy entities to steal sensitive information, including login credentials, credit card numbers, and other personal data. This repository helps identify and document phishing campaigns that are actively targeting Brazilian financial institutions and businesses.
If you are interested in a live feed API, please contact us [email protected] Swarmy
- Document phishing cases: Provide a comprehensive list of phishing templates and methods used against Brazilian companies and banks.
- Analyze attack vectors: Explore the strategies used by cybercriminals to deceive users, focusing on local language and cultural nuances.
- Raise awareness: Contribute to the community by raising awareness about phishing threats specific to Brazil.
- Support security research: Assist cybersecurity professionals in developing detection techniques and preventive measures against these phishing threats.
The repository is organized as follows:
phishing_samples/: Real-world phishing detected by our team.analysis/: Detailed analysis of phishing techniques used in the samples.indicators/: Indicators of Compromise (IoCs) for detecting these phishing attacks.resources/: Links to articles, tools, and resources related to phishing in Brazil.
Tools:
- HEDnsExtractor: A suite for hunting suspicious targets, expose domains and phishing discovery.
- Offensive Workflow: Github Actions to hackhack and phishing hunting.
This repository is intended for educational and research purposes only. All phishing materials are shared with the goal of improving cybersecurity awareness and defenses. We do not condone or support any illegal activities, including unauthorized attempts to access or compromise any information systems. Use this repository responsibly and within legal boundaries.
We welcome contributions from the cybersecurity community. If you'd like to add a phishing sample or analysis, please follow the contribution guidelines.