Like many, I got into computers by programming one of the early home computers (Commodore 16 and then a Sinclair 128K for me), so it was no great surprise that my first business was in web development & hosting back in the 1990s. Over the years, I’ve steadily moved further and further from development, first into traditional I.T. and then developing a passion for information security.
The thing is – I miss the code.
In 2019, I decided to learn the PHP programming framework Laravel after one of the best programmers I’ve ever met – Eimantas Žolondauskis – told me how powerful he found it, baffling me with talk of routes, packages and so forth!
Now the problem for many developers when trying to truly learn a new language or platform is a strange one: you need a problem to solve. Sure, you can learn the new syntax, read the theory of how it handles the MVC concept and nod thoughtfully at the functionality, but to truly learn in coding, you have to have banged your head against all the little glitches and found the answers.
When I can, I also like to help out charities and small businesses so wanted to make something that might help them.
In 2018/2019, for information security user awareness training sessions I was running, one of the items I covered was Punycode domain names and lookalike domain names – I even bought a Punycode version of my personal domain name and invited people to spot the difference.
I was aware that spotting these domain names was not practical for many organisations as there can be hundreds of thousands of combinations, so when users asked me how to spot them or prevent them, I didn’t have a great answer.
In addition, an organisation I worked with previously was targeted by a copycat domain name, prompting me to write the article “Following the Phisher”. I’d found one facet of what I wanted to solve, though while researching I did find that there is an excellent command line tool that works similarly called DNS Twist (https://github.com/elceef/dnstwist). I decided to still include this as I wanted something for a layperson to use with a management interface wrapped around it.
I’d found a problem to solve!
An item that is often overlooked when it comes to information security (and even in IT continuity) is the importance of monitoring for DNS changes. Just last month, the website for the programming language Perl had its DNS records hijacked, allowing attackers to expose visitors to their own malicious payloads. In addition to monitoring, it can also be very useful to be able to look back and see what a DNS record was historically for debugging – I’ve seen examples where hosting companies blamed customers for downtime, stating DNS changes must have been made but no one had any evidence or history. I figured this was probably worth seeing if I could include it.
Because I was writing code that had to go and fetch websites, I figured it also made sense to grab copies of the HTML while I was there and use it as a baseline, allowing PhishDom to perform website change monitoring at the same time as website uptime monitoring.
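An added example, not PhishDom's own code: one way to keep a DNS record history that flags real changes and can answer what a record was on a given date. The names `DnsHistory`, `normalise`, `diff` and `demo` and the sample records are constructed for illustration, and the DNS lookups that would feed it are assumed to happen elsewhere.

```python
from datetime import datetime, timezone

def normalise(records):
    """Canonical form so resolver ordering, case and trailing dots never look like a change."""
    return {rtype.upper(): sorted({v.lower().rstrip(".") for v in values})
            for rtype, values in records.items()}

def diff(old, new):
    """List (action, record type, value) tuples describing how `new` differs from `old`."""
    changes = []
    for rtype in sorted(set(old) | set(new)):
        before, after = set(old.get(rtype, [])), set(new.get(rtype, []))
        changes += [("removed", rtype, v) for v in sorted(before - after)]
        changes += [("added", rtype, v) for v in sorted(after - before)]
    return changes

class DnsHistory:
    """Append-only history for one domain; a snapshot is stored only when something changed."""
    def __init__(self):
        self.snapshots = []  # (timestamp, normalised records), oldest first

    def record(self, when, records):
        current = normalise(records)
        if not self.snapshots:            # first poll becomes the baseline
            self.snapshots.append((when, current))
            return []
        changes = diff(self.snapshots[-1][1], current)
        if changes:
            self.snapshots.append((when, current))
        return changes

    def as_of(self, when):
        """Records in force at `when`, or None if it predates the baseline."""
        in_force = None
        for taken, records in self.snapshots:
            if taken <= when:
                in_force = records
        return in_force

def day(d):
    return datetime(2021, 1, d, tzinfo=timezone.utc)

def demo():
    # Constructed sample polls for a hypothetical domain (documentation address ranges).
    history = DnsHistory()
    history.record(day(1), {"A": ["192.0.2.10", "192.0.2.11"], "NS": ["ns1.example.net."]})
    reordered = history.record(day(2), {"a": ["192.0.2.11", "192.0.2.10"], "NS": ["NS1.example.net"]})
    hijacked = history.record(day(3), {"A": ["198.51.100.7"], "NS": ["ns1.unknown.example."]})
    return reordered, hijacked, history.as_of(day(2))
```

The second poll returns no changes because only ordering and case differ, while the third reports every removed and added record, and `as_of` gives the evidence of what was in force on an earlier date.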
Domain Registration & SSL Certificate Monitoring
I’ve lost count of the number of stories I’ve heard over the years of services going down, companies losing sales and major outages being caused due to expired SSL certificates or domain name registrations – again, something I thought worth including.
The final element I knew I wanted to include was the ability to run phishing simulations easily. I’ve used a number of platforms for this over the years and have seen room for improvement in all of them. Challenge accepted! 🙂
While all of the above is well and good, it’s always useful for organisations to be able to prove that they have been training staff, running phishing simulations, etc.
Lastly, there are plenty of solutions out there for the above for large companies willing to pay for them, but I figured if I could build Phishdom “lean” and optimised for performance, I’d be at least able to offer it free to those I think need it most: charities and small businesses. My long-term plan is to transition to a server-less model in AWS (Lambda) to reduce costs while improving scalability.