MailFail: Who's Spoofing your Email, and How are they Doing it? #livestream #infosec #email #server
5.4 هزار بار بازدید -
3 ماه پیش
-
/// 🔗 Register for webcasts,
/// 🔗 Register for webcasts, summits, and workshops -
https://blackhillsinfosec.zoom.us/ze/hub/stadium
✉️ MailFail Extension (Firefox) and other resources
https://m.ail.fail/
🛝 Webcast Slides -
https://www.blackhillsinfosec.com/wp-content/uploads/2024/06/SLIDES_BHIS_MAILFAIL.pdf
🔗 Jack's list of DKIM selectors -
https://github.com/ACK-J/MailFail/blob/main/DKIM_Selectors.txt -
🔗 Download the extension -
https://addons.mozilla.org/en-US/firefox/addon/mailfail/ -
🔗 github repository -
https://github.com/ACK-J/MailFail/ -
🔗 Reconstruct private keys from the two prime numbers -
https://gist.github.com/ACK-J/487d0de5737458d953ca818a0645b09b -
🔗 Send DKIM signed emails script with a private key -
https://gist.github.com/ACK-J/76585af46375641ec841cb6b77d345c3 -
🔗 Here's a bonus that wasn't in the presentation -
Python script that takes in a list of domains and checks them for DMARC misconfigurations -
https://gist.github.com/ACK-J/8a189bafbb54e00fb1b3f3e22dcd81c9 -
MailFail: Who's Spoofing your Email, and How are they Doing it?
The Inherent flaws of email security with Jack Hyland
Dear Reader,
Email is a topic people either know very well or not at all.
I was in the latter category before I started my research alongside a wise Nigerian prince. Now I want to spread the word with a webcast that definitely cannot be summarized by an email. At least not one which you'd actually read.
I’ve found universities, government websites, and “top 100s” with misconfigurations.
SMTP is inherently insecure; anyone can spoof any email address. Over the years, there have been layers of security mechanisms bolted to your inbox to reject these spoofs. Most folks don't know they exist, let alone how they work. (SPF, DMARC, ARC, DANE, MTA-STS, BIMI, SMTP TLS Reporting, DNSSEC, and DKIM)
In conclusion, I’ve developed a web browser extension which will highlight what is good and what is bad in your org’s configuration, and then show you how attackers could exploit the bad.
Sincerely,
Abraham Lincoln
///Chapters
https://www.seevid.ir/fa/w/UbdMAmsWus8 Introduction
https://www.seevid.ir/fa/w/UbdMAmsWus8 Concepts
https://www.seevid.ir/fa/w/UbdMAmsWus8 Take Aways
https://www.seevid.ir/fa/w/UbdMAmsWus8 Email Terminology
https://www.seevid.ir/fa/w/UbdMAmsWus8 SMTP Commands
https://www.seevid.ir/fa/w/UbdMAmsWus8 Malicious MTA
https://www.seevid.ir/fa/w/UbdMAmsWus8 Sending an Email
https://www.seevid.ir/fa/w/UbdMAmsWus8 Send-MailMessage
https://www.seevid.ir/fa/w/UbdMAmsWus8 Sender Policy Framework (SPF)
https://www.seevid.ir/fa/w/UbdMAmsWus8 SPF Bypass
https://www.seevid.ir/fa/w/UbdMAmsWus8 SPF
https://www.seevid.ir/fa/w/UbdMAmsWus8 SMTP From vs Email From
https://www.seevid.ir/fa/w/UbdMAmsWus8 Other Mail Clients
https://www.seevid.ir/fa/w/UbdMAmsWus8 SPF Bypassed
https://www.seevid.ir/fa/w/UbdMAmsWus8 DomianKeys Identified Mail (DKIM)
https://www.seevid.ir/fa/w/UbdMAmsWus8 DKIM Bypass
https://www.seevid.ir/fa/w/UbdMAmsWus8 DKIM
https://www.seevid.ir/fa/w/UbdMAmsWus8 Cracking DKIM Keys
https://www.seevid.ir/fa/w/UbdMAmsWus8 Domain-Based Message Authentication (DMARC)
https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC Facts
https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC
https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC Policy
https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC Reporting
https://www.seevid.ir/fa/w/UbdMAmsWus8 MAILFAIL
https://www.seevid.ir/fa/w/UbdMAmsWus8 Conclusion TL;DR
https://www.seevid.ir/fa/w/UbdMAmsWus8 Reference
https://www.seevid.ir/fa/w/UbdMAmsWus8 Q&A
Chat with your fellow attendees in the Black Hills Infosec Discord server:
https://discord.gg/BHIS
in the #🔴webcast-live-chat channel.
3 ماه پیش
در تاریخ 1403/04/07 منتشر شده
است.
5,476
بـار بازدید شده