Push Security Launches Phishing Detection Evasion Techniques Matrix to Help Security Teams Pinpoint Detection Gaps
August 06, 2025
New open source framework maps the latest generation of real-world phishing techniques, revealing how attackers bypass identity providers and evade traditional defenses
LAS VEGAS, BLACK HAT, USA – Aug. 6, 2025 – (Booth #2057) Push Security, a leader in browser-based detection and response, today published its Phishing Detection Evasion Techniques matrix, offering a new view into the way that modern phishing attacks function, and how they’re being used to evade classic detection controls.
Modern phishing attacks are routinely bypassing traditional email and network-based phishing defenses. Attackers are using alternative delivery methods (such as IM platforms, social media, and malicious ads), camouflaging phishing links by abusing legitimate apps and services, and using bot protection, obfuscation, and runtime anti-analysis features, making them resistant to automated analysis.
“Handling phishing the same way we did 10 or 15 years ago just isn’t an option anymore,” said Jacques Louw, chief product officer at Push Security. “This resource gives defenders a clearer picture of how sophisticated attackers are actually operating in the wild — and how traditional security controls are being outmaneuvered."
The Phishing Detection Evasion Techniques matrix builds on Push Security’s earlier SaaS Attacks Matrix, continuing the company’s mission to help security teams visualize and counter real-world identity threats across the modern attack surface.
Key features of the matrix include:
- Mapped TTPs across every phase of the phishing lifecycle, including target reconnaissance, lure crafting, link camouflage, anti-analysis, and MFA bypass.
- Real-world examples of how attackers use these techniques in the wild.
- Designed to be used and operationalized by security teams as part of phishing controls testing.
This new framework arrives at a time when phishing attacks are becoming more targeted, evasive, and damaging, especially as enterprises shift to identity-based security models. In fact, phishing was the initial source of compromise in as many as 37% of all breaches in the 2025 Verizon Data Breach Investigations Report dataset, accounting for more than any other single access vector. It is also estimated that phishing attacks cost businesses nearly $4.76 million per breach driven largely by compromised credentials, lost productivity, incident response costs, and downstream damage to applications and data.
The Phishing Detection Evasion Techniques Matrix is now available on GitHub. For more details about the matrix check out the Push Security blog post or visit the team this week at Black Hat USA, booth #2057.
About Push Security
Push Security brings active security to the browser to stop identity attacks that result in account takeover — such as phishing, credential stuffing, session hijacking — and secures your entire identity perimeter. Push is the industry’s first identity security platform that uses a browser agent to monitor and defend workforce identities. Think of Push as being like EDR, but in the browser. Security teams use Push to map their identity attack surface, detect and respond to advanced identity attacks in real time, and proactively improve their overall identity security posture. Push was founded by former red team members skilled in offensive security and security operations and is backed by Decibel, GV (Google Ventures), Redpoint Ventures, Datadog Ventures, B3 Capital and other notable angel investors. For more information, visit https://pushsecurity.com or follow @pushsecurity.
