Primal Security Podcast

Technical Segment: Email Spoofing and Phishing

Highlight: If a company is using Google Apps for Work and has not set up SPF/DKIM/DMARC, their domain can be leveraged to spoof emails, very reliably.
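To make the highlight concrete from the defender's side, here is an added example (not code from the podcast or its hosts) that grades a domain's SPF and DMARC posture from its DNS TXT records. The domains and TXT strings are constructed samples, and `resolve_txt` is a stand-in for a real resolver so the script runs offline; swapping in a DNS library query for the lookup is the only change needed to check a live domain.

```python
"""Grade SPF/DMARC posture from DNS TXT records (added example, offline).

The sample table below is constructed; the domain names are hypothetical.
"""
import re

# Constructed TXT records keyed by DNS name (hypothetical domains).
SAMPLE_TXT = {
    "hardened.example": ["v=spf1 include:_spf.google.com -all"],
    "_dmarc.hardened.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@hardened.example"],
    "soft.example": ["v=spf1 include:_spf.google.com ~all"],
    "_dmarc.soft.example": ["v=DMARC1; p=none; rua=mailto:dmarc@soft.example"],
    "unprotected.example": [],   # Google Apps domain with nothing configured
}


def resolve_txt(name, records=SAMPLE_TXT):
    """Stand-in resolver: returns the TXT strings for a name from the sample table."""
    return records.get(name, [])


def spf_policy(txt_records):
    """Return the SPF 'all' qualifier ('-', '~', '?', '+') or None if no SPF record."""
    for rec in txt_records:
        if rec.lower().startswith("v=spf1"):
            m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", rec)
            # A bare 'all' means '+all'; a record with no 'all' term behaves like neutral.
            return (m.group(1) or "+") if m else "+"
    return None


def dmarc_policy(txt_records):
    """Return the DMARC p= tag value (lowercase) or None if no DMARC record."""
    for rec in txt_records:
        if rec.upper().startswith("V=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return tags.get("p", "none").lower()
    return None


def assess_domain(domain, records=SAMPLE_TXT):
    """Collect findings that explain why mail claiming `domain` could be spoofed."""
    spf = spf_policy(resolve_txt(domain, records))
    dmarc = dmarc_policy(resolve_txt("_dmarc." + domain, records))
    findings = []
    if spf is None:
        findings.append("no SPF record: any host can claim to send for this domain")
    elif spf in ("+", "?"):
        findings.append(f"SPF ends in '{spf}all': failing sources are still accepted")
    elif spf == "~":
        findings.append("SPF softfail (~all): receivers may still deliver spoofed mail")
    if dmarc is None:
        findings.append("no DMARC record: SPF/DKIM failures are never enforced")
    elif dmarc == "none":
        findings.append("DMARC p=none: monitoring only, spoofed mail is not rejected")
    elif dmarc == "quarantine":
        findings.append("DMARC p=quarantine: spoofed mail lands in spam, not rejected")
    return {"domain": domain, "spf": spf, "dmarc": dmarc, "findings": findings}


if __name__ == "__main__":
    for d in ("hardened.example", "soft.example", "unprotected.example"):
        r = assess_domain(d)
        print(f"{d}: spf={r['spf']} dmarc={r['dmarc']}")
        for f in r["findings"]:
            print("  -", f)
```

The useful output is the empty findings list for a domain with `-all` and `p=reject`; anything else is a gap a receiving gateway can't close on the sender's behalf.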

  • Surprise surprise, people click links! Do you even need to be crafty? No, probably not, but let's discuss some ways anyhow.
  • You can spoof emails - it can happen: great write-up from Cobalt Strike.
    • If you are new to email spoofing you should really read this article.
  • Telnet to the mail server and attempt to manually craft the email. This works in default configurations on many email servers and security appliances - SPF/DKIM/DMARC may not be set up, allowing you to send email from the domain unauthenticated - the Cobalt Strike blog demonstrates that.
  • This can also be done in Gmail! - It shows up as spoofed in normal Gmail, but what about Google Apps for Work? If you do not have SPF/DKIM/DMARC set up, emails from that domain can very easily be spoofed - both to the target domain and externally - and they will very frequently bypass security controls. We will release code on how to do that.
  • We are normally targeting organizations that leverage Outlook. Outlook only grabs the name portion of the email header (not the address) and presents that to users, so you can have a Gmail address (which can bypass controls since it's Gmail/legit), send email using Python (or another scripting language), and modify the name to be a quasi-spoof.
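The last two bullets describe what a gateway or SIEM rule has to catch: a trusted display name on an external address that authenticates cleanly because it really is Gmail, and mail that claims the organisation's own domain but fails DMARC. The following is an added example (not the hosts' code) that flags both patterns from raw message headers. The messages are constructed samples, and `INTERNAL_DOMAIN` and `KNOWN_STAFF` are assumed inputs the organisation would supply.

```python
"""Flag display-name and domain spoofing from message headers (added example).

All sample messages below are constructed; domains and names are hypothetical.
"""
from email import message_from_string
from email.utils import parseaddr
import re

INTERNAL_DOMAIN = "corp.example"          # assumed: the organisation's own domain
KNOWN_STAFF = {"jane doe", "ceo office"}  # assumed: display names users will trust

# Constructed samples.
SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@corp.example>
Authentication-Results: mx.corp.example; spf=pass dkim=pass dmarc=pass
Subject: Q3 numbers

body
"""
# Gmail account with a staff member's display name: authenticates fine, still a spoof.
SAMPLE_DISPLAY_NAME = """\
From: "Jane Doe" <jane.doe.corp@gmail.com>
Authentication-Results: mx.corp.example; spf=pass dkim=pass dmarc=pass
Subject: urgent wire

body
"""
# Internal domain claimed outright; only authentication results give it away.
SAMPLE_SPOOFED_DOMAIN = """\
From: Jane Doe <jane.doe@corp.example>
Authentication-Results: mx.corp.example; spf=fail dkim=none dmarc=fail
Subject: password reset

body
"""
# Address placed in the display name, relying on the client showing only the name.
SAMPLE_ADDRESS_IN_NAME = """\
From: "jane.doe@corp.example" <noreply@mailer.example>
Authentication-Results: mx.corp.example; spf=pass dkim=pass dmarc=pass
Subject: shared document

body
"""


def auth_results(msg):
    """Parse spf=/dkim=/dmarc= outcomes from every Authentication-Results header."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, outcome in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            results[method.lower()] = outcome.lower()
    return results


def analyse(raw):
    """Return the parsed From parts, auth results and a list of spoofing flags."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    auth = auth_results(msg)
    flags = []
    if "@" in name:
        flags.append("display name contains an address")
    if name.strip().lower() in KNOWN_STAFF and domain != INTERNAL_DOMAIN:
        flags.append(f"known staff name from external domain {domain}")
    if domain == INTERNAL_DOMAIN and auth.get("dmarc") != "pass":
        flags.append(f"claims internal domain but dmarc={auth.get('dmarc', 'missing')}")
    return {"name": name, "address": addr, "auth": auth, "flags": flags}


if __name__ == "__main__":
    for label, raw in (("legit", SAMPLE_LEGIT), ("display-name", SAMPLE_DISPLAY_NAME),
                       ("spoofed-domain", SAMPLE_SPOOFED_DOMAIN),
                       ("address-in-name", SAMPLE_ADDRESS_IN_NAME)):
        r = analyse(raw)
        print(f"{label}: {r['name']} <{r['address']}> -> {r['flags'] or 'ok'}")
```

The second sample is the case the hosts single out: every authentication check passes because the sending domain genuinely is gmail.com, so the only signal left is the display name itself matched against the people users are likely to trust.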
Direct download: PrimalSec-Ep22-Phishers-Paradise.mp3
Category: general -- posted at: 3:51pm PDT