MailFail: Who's Spoofing your Email, and How are they Doing it? #livestream #infosec #email #server

/// 🔗 Register for webcasts, summits, and workshops - https://blackhillsinfosec.zoom.us/ze/hub/stadium ✉️ MailFail Extension (Firefox) and other resources https://m.ail.fail/ 🛝 Webcast Slides - https://www.blackhillsinfosec.com/wp-content/uploads/2024/06/SLIDES_BHIS_MAILFAIL.pdf 🔗 Jack's list of DKIM selectors - https://github.com/ACK-J/MailFail/blob/main/DKIM_Selectors.txt - 🔗 Download the extension - https://addons.mozilla.org/en-US/firefox/addon/mailfail/ - 🔗 github repository - https://github.com/ACK-J/MailFail/ - 🔗 Reconstruct private keys from the two prime numbers - https://gist.github.com/ACK-J/487d0de5737458d953ca818a0645b09b - 🔗 Send DKIM signed emails script with a private key - https://gist.github.com/ACK-J/76585af46375641ec841cb6b77d345c3 - 🔗 Here's a bonus that wasn't in the presentation - Python script that takes in a list of domains and checks them for DMARC misconfigurations - https://gist.github.com/ACK-J/8a189bafbb54e00fb1b3f3e22dcd81c9 - MailFail: Who's Spoofing your Email, and How are they Doing it? The Inherent flaws of email security with Jack Hyland Dear Reader, Email is a topic people either know very well or not at all. I was in the latter category before I started my research alongside a wise Nigerian prince. Now I want to spread the word with a webcast that definitely cannot be summarized by an email. At least not one which you'd actually read. I’ve found universities, government websites, and “top 100s” with misconfigurations. SMTP is inherently insecure; anyone can spoof any email address. Over the years, there have been layers of security mechanisms bolted to your inbox to reject these spoofs. Most folks don't know they exist, let alone how they work. (SPF, DMARC, ARC, DANE, MTA-STS, BIMI, SMTP TLS Reporting, DNSSEC, and DKIM) In conclusion, I’ve developed a web browser extension which will highlight what is good and what is bad in your org’s configuration, and then show you how attackers could exploit the bad. Sincerely, Abraham Lincoln ///Chapters https://www.seevid.ir/fa/w/UbdMAmsWus8 Introduction https://www.seevid.ir/fa/w/UbdMAmsWus8 Concepts https://www.seevid.ir/fa/w/UbdMAmsWus8 Take Aways https://www.seevid.ir/fa/w/UbdMAmsWus8 Email Terminology https://www.seevid.ir/fa/w/UbdMAmsWus8 SMTP Commands https://www.seevid.ir/fa/w/UbdMAmsWus8 Malicious MTA https://www.seevid.ir/fa/w/UbdMAmsWus8 Sending an Email https://www.seevid.ir/fa/w/UbdMAmsWus8 Send-MailMessage https://www.seevid.ir/fa/w/UbdMAmsWus8 Sender Policy Framework (SPF) https://www.seevid.ir/fa/w/UbdMAmsWus8 SPF Bypass https://www.seevid.ir/fa/w/UbdMAmsWus8 SPF https://www.seevid.ir/fa/w/UbdMAmsWus8 SMTP From vs Email From https://www.seevid.ir/fa/w/UbdMAmsWus8 Other Mail Clients https://www.seevid.ir/fa/w/UbdMAmsWus8 SPF Bypassed https://www.seevid.ir/fa/w/UbdMAmsWus8 DomianKeys Identified Mail (DKIM) https://www.seevid.ir/fa/w/UbdMAmsWus8 DKIM Bypass https://www.seevid.ir/fa/w/UbdMAmsWus8 DKIM https://www.seevid.ir/fa/w/UbdMAmsWus8 Cracking DKIM Keys https://www.seevid.ir/fa/w/UbdMAmsWus8 Domain-Based Message Authentication (DMARC) https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC Facts https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC Policy https://www.seevid.ir/fa/w/UbdMAmsWus8 DMARC Reporting https://www.seevid.ir/fa/w/UbdMAmsWus8 MAILFAIL https://www.seevid.ir/fa/w/UbdMAmsWus8 Conclusion TL;DR https://www.seevid.ir/fa/w/UbdMAmsWus8 Reference https://www.seevid.ir/fa/w/UbdMAmsWus8 Q&A Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴webcast-live-chat channel.