How to Detect that Your Domains are Being Abused for Phishing by Using DNS

Video Link: https://www.youtube.com/watch?v=UT8OjdQrwD0
Duration: 47:26

Arnold Hölzel | Senior Security Consultant, SMT
Karl Lovink | Lead Security Operations Center, Dutch Tax and Customs Administration
Location: South Pacific
Date: Thursday, August 8 | 5:00pm-6:00pm
Format: 50-Minute Briefings
Tracks: Applied Security, Policy

As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals every day with criminals who claim to represent the organization and contact the public with phishing e-mails. Using RFCs such as RFC 7208 (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email), we have developed a technique to identify phishing attacks that are carried out under the guise of the Dutch Tax and Customs Administration. This technique is universally applicable. A precondition is access to DNS logging. The technique provides insight into where the phishing e-mails are sent from and to whom they are sent. In this talk we will start by explaining which standards are available to increase e-mail security. We will briefly discuss protocols such as STARTTLS, SPF, DKIM, DMARC, DANE and MTA-STS. We also discuss advanced SPF options. Finally, we will link all of those protocols together to detect whether our domains are being abused for phishing attacks. The framework we have developed gives you more insight into phishing attacks conducted under the guise of your organization's name. We firmly believe that if these techniques were used everywhere, it would lead to a significant decrease in phishing e-mails.
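One way to turn SPF lookups in a DNS log into sender intelligence, as an added example that is not the speakers' code: it assumes the "advanced SPF options" in question are RFC 7208 macros (`%{i}` for the connecting IP, `%{h}` for the HELO name) used in an `exists:` mechanism. The logging zone `spf-log.example.org`, the SPF record and the log format are hypothetical, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed setup (hypothetical zone and record, not taken from the talk):
#   v=spf1 ip4:192.0.2.0/24 exists:%{i}._i.%{h}._h.spf-log.example.org -all
# ip4 matches authorized senders first, so only other senders trigger the lookup.
LOG_ZONE = "spf-log.example.org"
QNAME_RE = re.compile(r"^(?P<ip>.+)\._i\.(?P<helo>.+)\._h\."
                      + re.escape(LOG_ZONE) + r"\.?$", re.IGNORECASE)

# Constructed sample log, format "<timestamp> <resolver-ip> <qname> <qtype>".
SAMPLE_LOG = """\
2019-08-08T17:00:01Z 198.51.100.53 203.0.113.7._i.mail.bad.example._h.spf-log.example.org A
2019-08-08T17:00:02Z 198.51.100.99 203.0.113.7._i.MAIL.bad.example._h.spf-log.example.org. A
2019-08-08T17:00:03Z 198.51.100.53 www.example.org A
2019-08-08T17:00:04Z 198.51.100.53 not-an-ip._i.x.example._h.spf-log.example.org A
"""

def parse_macro_ip(label):
    """Decode the %{i} expansion: dotted quad (IPv4) or 32 nibbles (IPv6)."""
    parts = label.split(".")
    if len(parts) == 32:
        nibbles = "".join(parts)
        label = ":".join(nibbles[i:i + 4] for i in range(0, len(nibbles), 4))
    return ipaddress.ip_address(label)  # raises ValueError on junk

def unauthorized_senders(log_text):
    """Return {sender_ip: {"helo": set, "resolvers": set}} from SPF lookups."""
    hits = defaultdict(lambda: {"helo": set(), "resolvers": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _ts, resolver, qname, _qtype = fields
        match = QNAME_RE.match(qname)
        if not match:
            continue
        try:
            sender = str(parse_macro_ip(match.group("ip")))
        except ValueError:
            continue  # anyone can query the zone, so ignore malformed names
        hits[sender]["helo"].add(match.group("helo").lower())
        hits[sender]["resolvers"].add(resolver)
    return dict(hits)

if __name__ == "__main__":
    print(unauthorized_senders(SAMPLE_LOG))
```

The resolver addresses show which receiving networks evaluated SPF for the forged mail. Because resolvers cache answers, each sender/resolver pair appears at most once per TTL, so counts are a lower bound on message volume.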

Black Hat - USA - 2019 Hacking conference