
How Certificate Transparency Logs Help Detect Lookalike Phishing Domains Early


Certificate Transparency (CT) logs record nearly every new TLS certificate within minutes of issuance, often before a phishing site goes live, which gives security teams an early warning signal. Chrome and Safari have required public CT logging since 2018, so attackers registering lookalike domains can be spotted almost immediately. However, with over 10 million certificates logged daily across 40-plus active logs, filtering out the relevant threats requires techniques beyond simple edit-distance matching: typo permutations, combosquatting detection, TLD monitoring, and homoglyph analysis. Homoglyph attacks are particularly tricky because they use visually similar Unicode characters; these appear as punycode in the logs and must be decoded and then compared using Unicode's confusables standard. In practice, teams must also manage false positives from their own infrastructure, such as CDN certificates, wildcard certificates, and internally spun-up campaign domains.
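The pipeline the summary describes, as an added example (not code from the original article or from ShortSingh): decode punycode labels from a CT entry, fold confusable characters to an ASCII skeleton, classify a name as a homoglyph, typo, combosquat or TLD swap against a brand watchlist, and drop the team's own CDN, wildcard and campaign certificates first. The brand `examplebank`, the allowlist, the sample CT names and the small `CONFUSABLES` table are all constructed for illustration; a real deployment would load the full UTS #39 confusables.txt and use the Public Suffix List instead of the naive two-label split.

```python
"""Triage of Certificate Transparency (CT) log names against a brand watchlist.

Added example; all names, the watchlist and the confusables subset are constructed.
"""
import fnmatch
import unicodedata

# Constructed watchlist: brand label -> the registrable domains we actually own.
WATCHLIST = {"examplebank": {"examplebank.com"}}

# Constructed allowlist of our own infrastructure that also appears in CT logs
# (wildcard certs, CDN hosts, short-lived campaign domains we registered ourselves).
OWN_INFRA = ["examplebank.com", "*.examplebank.com",
             "examplebank-cdn.net", "spring-promo-examplebank.com"]

# Small constructed subset of Unicode confusables (UTS #39); enough to show the mechanism.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "1": "l", "0": "o",  # ASCII look-alikes are in the standard too
}


def decode_punycode(hostname: str) -> str:
    """Turn IDNA labels (xn--...) as stored in a CT entry back into Unicode."""
    labels = []
    for label in hostname.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(text: str) -> str:
    """Fold a label to its confusable-free ASCII skeleton (UTS #39 style)."""
    out = []
    for ch in unicodedata.normalize("NFKD", text):
        if unicodedata.combining(ch):
            continue  # drop accents so that e.g. 'é' folds to 'e'
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def split_registrable(hostname: str):
    """Naive (second-level label, TLD) split; assumption: real code uses the PSL."""
    parts = hostname.strip(".").split(".")
    return (parts[0], "") if len(parts) < 2 else (parts[-2], parts[-1])


def typo_variants(brand: str) -> set:
    """Single-edit typo permutations: omission, repetition, transposition, substitution."""
    subs = {"l": "1i", "i": "l1", "o": "0", "e": "3", "a": "4", "s": "5"}
    variants = set()
    for i, ch in enumerate(brand):
        variants.add(brand[:i] + brand[i + 1:])                     # omission
        variants.add(brand[:i] + ch + ch + brand[i + 1:])           # repetition
        if i + 1 < len(brand):
            variants.add(brand[:i] + brand[i + 1] + ch + brand[i + 2:])  # transposition
        for r in subs.get(ch, ""):
            variants.add(brand[:i] + r + brand[i + 1:])             # substitution
    variants.discard(brand)
    return variants


TYPO_INDEX = {brand: typo_variants(brand) for brand in WATCHLIST}


def classify(hostname: str):
    """Return (category, brand) for one CT name, or None if it is not of interest."""
    name = hostname.lower().lstrip("*.")  # wildcard certs: judge the base domain
    if any(fnmatch.fnmatch(name, pat) for pat in OWN_INFRA):
        return None  # our own certificate, not a lookalike
    label, tld = split_registrable(decode_punycode(name))
    folded = skeleton(label)
    for brand, legit in WATCHLIST.items():
        legit_tlds = {d.split(".")[-1] for d in legit}
        if label == brand:
            return ("tld-swap", brand) if tld not in legit_tlds else None
        if folded == brand:
            return ("homoglyph", brand)
        if folded in TYPO_INDEX[brand] or label in TYPO_INDEX[brand]:
            return ("typosquat", brand)
        if brand in folded:
            return ("combosquat", brand)
    return None


def triage(ct_names):
    """Classify a batch of CT names and return only the hits as (name, category, brand)."""
    hits = []
    for name in ct_names:
        result = classify(name)
        if result:
            hits.append((name, result[0], result[1]))
    return hits


# Constructed CT names. The homoglyph one has a Cyrillic 'а' (U+0430) in place of the
# Latin 'a'; it encodes to xn--exmplebank-0qi.com in the log.
HOMOGLYPH_NAME = "xn--" + "ex\u0430mplebank".encode("punycode").decode("ascii") + ".com"
SAMPLE_CT_NAMES = [
    "examplebank.com",              # our own cert: ignored
    "*.examplebank.com",            # wildcard on our domain: ignored
    "spring-promo-examplebank.com", # campaign domain we registered ourselves: ignored
    "examplebank-secure-login.com", # combosquat
    "exmaplebank.com",              # transposition typo
    "examplebank.co",               # TLD swap
    HOMOGLYPH_NAME,                 # homoglyph
    "unrelated-shop.org",           # noise
]

if __name__ == "__main__":
    for name, category, brand in triage(SAMPLE_CT_NAMES):
        print(f"{category:<11} {brand:<12} {name}")
```

The allowlist check runs before any matching so that wildcard and campaign certificates never reach the analyst; the skeleton fold runs before the typo check so that a digit-for-letter substitution is reported as the homoglyph it is, and combosquatting is tested last because it is the loosest match and would otherwise swallow the more specific categories.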

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.


