MailFail: Who's Spoofing your Email, and How are they Doing it?
Вставка
- Опубліковано 26 чер 2024
- /// 🔗 Register for webcasts, summits, and workshops -
blackhillsinfosec.zoom.us/ze/...
✉️ MailFail Extension (Firefox) and other resources
m.ail.fail/
🛝 Webcast Slides -
www.blackhillsinfosec.com/wp-...
🔗 Jack's list of DKIM selectors -
github.com/ACK-J/MailFail/blo... -
🔗 Download the extension -
addons.mozilla.org/en-US/fire... -
🔗 github repository -
github.com/ACK-J/MailFail/ -
🔗 Reconstruct private keys from the two prime numbers -
gist.github.com/ACK-J/487d0de... -
🔗 Send DKIM signed emails script with a private key -
gist.github.com/ACK-J/76585af... -
🔗 Here's a bonus that wasn't in the presentation -
Python script that takes in a list of domains and checks them for DMARC misconfigurations -
gist.github.com/ACK-J/8a189ba... -
MailFail: Who's Spoofing your Email, and How are they Doing it?
The Inherent flaws of email security with Jack Hyland
Dear Reader,
Email is a topic people either know very well or not at all.
I was in the latter category before I started my research alongside a wise Nigerian prince. Now I want to spread the word with a webcast that definitely cannot be summarized by an email. At least not one which you'd actually read.
I’ve found universities, government websites, and “top 100s” with misconfigurations.
SMTP is inherently insecure; anyone can spoof any email address. Over the years, there have been layers of security mechanisms bolted to your inbox to reject these spoofs. Most folks don't know they exist, let alone how they work. (SPF, DMARC, ARC, DANE, MTA-STS, BIMI, SMTP TLS Reporting, DNSSEC, and DKIM)
In conclusion, I’ve developed a web browser extension which will highlight what is good and what is bad in your org’s configuration, and then show you how attackers could exploit the bad.
Sincerely,
Abraham Lincoln
Chat with your fellow attendees in the Black Hills Infosec Discord server:
/ discord
in the #🔴webcast-live-chat channel. - Розваги
✉ MailFail Extension (Firefox) and other resources
m.ail.fail/
🔗 Jack's list of DKIM selectors -
github.com/ACK-J/MailFail/blob/main/DKIM_Selectors.txt -
🔗 Download the extension -
addons.mozilla.org/en-US/firefox/addon/mailfail/ -
🔗 github repository -
github.com/ACK-J/MailFail/ -
🔗 Reconstruct private keys from the two prime numbers -
gist.github.com/ACK-J/487d0de5737458d953ca818a0645b09b -
🔗 Send DKIM signed emails script with a private key -
gist.github.com/ACK-J/76585af46375641ec841cb6b77d345c3 -
🔗 Here's a bonus that wasn't in the presentation -
Python script that takes in a list of domains and checks them for DMARC misconfigurations -
gist.github.com/ACK-J/8a189bafbb54e00fb1b3f3e22dcd81c9 -
🛝 Webcast Slides -
www.blackhillsinfosec.com/wp-content/uploads/2024/06/SLIDES_BHIS_MAILFAIL.pdf
/// 🔗 Register for webcasts, summits, and workshops -
blackhillsinfosec.zoom.us/ze/hub/stadium
Jack did great -- having someone technical give the webinar is fantastic. We got a good (review for me) technical explanation of SPF/DKIM/DMARC and why they really aren't that great. I'll stay tuned for more on the strength of this presentation --- the inclusion of misuse cases was one of the strongest points.
Great presentation by Jack, appreciated your humor and demo's
awesome , thanks
Awesome thx