Let's go Phishing with Email!

113 views

Published on

In this talk I go through SPF, Sender ID, DKIM, and DMARC to demonstrate and explain how all of these technologies come together to improve your email security. I also showcase a demo of O365 and how vulnerable it is to phishing through common mistakes, and demonstrate how the whitelist function is really dangerous.

Published in: Technology

  1. Let’s go Phishing with Email!
  2. Write-Output “Hello”
     I’m Wesley Kirkland
     I have over 3 years of Systems Engineering experience consisting of On Premise, Cloud, and automation. Currently I work at Ministry Brands as a Sr. Systems Engineer working with PowerShell, Azure, and Office 365.
  3. SPF (Sender Policy Framework)
     ● Declared Experimental in 2006 (RFC4408)
     ● Proposed Standard (RFC7208)
     ● DNS Records: TXT and not Type 99
     ● VERP (Variable envelope return path)
       ○ Example: wikipedians-owner+bob=example.org@example.net
     ● SPF Oddities
     ● SPF Nesting
     ● Include Types
       ○ A
       ○ MX
       ○ PTR
       ○ ip4
       ○ ip6
       ○ Include
       ○ Redirect
       ○ Exists
         ■ Dynamic
         ■ %{i}._spf.s$domain.$tld
  4. SPF Types and Errors
     ● +all
     ● N/A
     ● ?all
     ● ~all
     ● -all
     ● TempError
     ● PermError
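The SPF qualifiers from slide 4 and the nesting and PermError points from slide 3, worked as an added Python example (not code from the talk or from the speaker's repository): it parses a v=spf1 record, follows include/redirect chains against a constructed in-memory zone instead of live DNS, reports the qualifier on the closing `all` term, and flags chains that exceed the 10-lookup limit of RFC 7208 section 4.6.4. All domain names and records below are constructed.

```python
import re
ALL_MEANING = {"+": "Pass", "?": "Neutral", "~": "SoftFail", "-": "HardFail"}  # qualifier on "all"
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}  # each costs a DNS lookup (10 allowed)

def parse_terms(record):
    """Split 'v=spf1 ...' into (qualifier, name, argument) tuples."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("missing v=spf1 version tag")
    terms = []
    for tok in parts[1:]:
        m = re.fullmatch(r"([+\-~?]?)([A-Za-z0-9]+)(?:[:=/](\S*))?", tok)
        if not m:
            raise ValueError(f"malformed term {tok!r}")
        qual, name, arg = m.groups()
        terms.append((qual or "+", name.lower(), arg))
    return terms

def audit_spf(domain, zone, lookups=0):
    """Follow include/redirect nesting; report the 'all' policy and lookup count."""
    result = {"all": None, "lookups": lookups, "error": None}
    try:  # a missing or malformed record anywhere in the chain is a PermError
        terms = parse_terms(zone.get(domain, ""))
    except ValueError as exc:
        result["error"] = f"PermError: {exc}"
        return result
    for qual, name, arg in terms:
        if name in LOOKUP_TERMS:
            result["lookups"] += 1
            if result["lookups"] > 10:
                result["error"] = "PermError: more than 10 DNS lookups"
                return result
        if name in ("include", "redirect"):
            sub = audit_spf(arg, zone, result["lookups"])
            result["lookups"], result["error"] = sub["lookups"], sub["error"]
            if sub["error"]:
                return result
            if name == "redirect":  # redirect adopts the target record's policy
                result["all"] = sub["all"]
        elif name == "all":
            result["all"] = ALL_MEANING[qual]
    return result

# Constructed zone data for the demo; none of these are real records.
ZONE = {"example.test": "v=spf1 mx include:_spf.mailer.test -all",
        "_spf.mailer.test": "v=spf1 ip4:192.0.2.0/24 ~all",
        "loose.test": "v=spf1 +all",
        "deep.test": "v=spf1 " + " ".join(f"include:hop{i}.test" for i in range(11)) + " -all"}
ZONE.update({f"hop{i}.test": "v=spf1 ip4:198.51.100.1 -all" for i in range(11)})
```

`loose.test` comes back as `Pass`, the `+all` case from slide 4 that lets any host send as the domain, while `deep.test` trips the lookup limit and would be a PermError at every receiver.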
  5. SPF 2.0
     ● Wait What!
     ● Sender ID
       ○ Obsolete
       ○ Independent
     ● Microsoft
       ○ Developer
       ○ Open Specification Promise
     ● Example:
       ○ SPF: v=spf1 include:spf.sign-up.to ~all
       ○ Sender ID: spf2.0/pra include:spf.sign-up.to ~all
       ○ Sender ID: spf2.0/pra,mfrom include:spf.sign-up.to ~all
     ● Major ESPs (Email Service Providers)
       ○ AOL
       ○ Bell Canada
  6. DKIM (DomainKeys Identified Mail)
     ● Proposed Standard in 2007 (RFC4871, RFC6376)
     ● Digitally signing email via asymmetric encryption
       ○ Validated via DNS public key
       ○ selector1._domainkeys.$domain.$tld
     ● Verify the integrity of your mail across the internet
     ● Actions (Pass, Fail)
     ● Adoption
  7. DMARC (Domain-based Message Authentication, Reporting & Conformance)
     ● SPF Alignments
     ● DKIM Alignments
     ● Reporting
       a. Aggregate
       b. Forensic
     ● Policies
       a. None
       b. Quarantine
       c. Reject
     ● Use cases
       a. Phishing Protection
       b. Simplifying Email Delivery
       c. Domain Reputation
     ● DMARC on the 2016 Election
  8. Who uses DMARC
     Policy: None
     ● apple.com - SPF SoftFail
     ● cars.com - SPF SoftFail
     ● cisco.com - SPF SoftFail
     ● costco.com - SPF HardFail
     ● dell.com - SPF SoftFail
     ● delta.com - SPF HardFail
     ● discover.com - SPF SoftFail
     ● House.gov - SPF HardFail
     ● godaddy.com - SPF SoftFail
     ● kroger.com - SPF HardFail
     ● salesforce.com - SPF SoftFail
     Policy: Reject
     ● americanexpress.com, aexp.com
     ● britishairways.com
     ● citibank.com
     ● facebook.com
     ● fedex.com
     ● linkedin.com
     ● ups.com
     ● ftc.gov
     ● senate.gov
     ● usps.gov
     ● wellsfargo.com
     Source: https://dmarc.org/who-is-using-dmarc/
  9. DMARC & Common ESPs
     ● Sub Domain Quarantine
       ○ Gmail.com
       ○ Live.com
       ○ Hotmail.com
       ○ Outlook.com
     ● Quarantine
       ○ icloud.com
       ○ Me.com
       ○ Mac.com
     ● Reject
       ○ Yahoo.com
       ○ Aol.com
     ● The US Government BOD 18-01
       ○ HTTPS Only
       ○ HSTS
       ○ STARTTLS
       ○ SPF/DMARC
       ○ October 16th, 2018
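The alignment and policy points from slide 7, the "Policy: None" entries on slide 8 and the sub domain quarantine on slide 9, worked as an added Python example (not code from the talk or from the speaker's repository): it parses a DMARC record, checks SPF and DKIM alignment in relaxed or strict mode, and returns the disposition a receiver would apply. The organizational domain is approximated as the last two labels (a real evaluator uses the Public Suffix List), and every domain and record in the scenarios is constructed.

```python
def parse_dmarc(record):
    """Parse 'v=DMARC1; p=...; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(name):
    """Approximate the organizational domain as the last two labels (PSL omitted)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate_dmarc(record, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Return alignment results and the disposition a receiver would apply."""
    tags = parse_dmarc(record)
    spf_ok = bool(spf_pass and spf_domain and aligned(from_domain, spf_domain, tags.get("aspf", "r")))
    dkim_ok = bool(dkim_pass and dkim_domain and aligned(from_domain, dkim_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        disposition = "pass"
    elif from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        disposition = tags["sp"]  # subdomain policy applies when From: is a subdomain
    else:
        disposition = tags["p"]
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok, "disposition": disposition}

# Constructed scenarios: (record, From: domain, SPF domain, SPF pass, DKIM d=, DKIM pass)
SCENARIOS = {
    # p=none, like the "Policy: None" entries on slide 8: a failing message is only reported
    "monitor_only": ("v=DMARC1; p=none; rua=mailto:dmarc@example.test",
                     "example.test", "bulk-mailer.test", False, None, False),
    # bulk mailer's SPF passes but is not aligned; the aligned DKIM signature carries the pass
    "dkim_aligned": ("v=DMARC1; p=reject; adkim=s",
                     "example.test", "bulk-mailer.test", True, "example.test", True),
    # sp=quarantine, the sub domain quarantine behaviour listed for the ESPs on slide 9
    "subdomain": ("v=DMARC1; p=none; sp=quarantine",
                  "news.example.test", "bulk-mailer.test", False, None, False),
}
```

The second scenario is why a bulk mailer sending with its own envelope domain needs an aligned DKIM signature: SPF passing for `bulk-mailer.test` does nothing for the `example.test` DMARC policy.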
  10. Commonly Misunderstood Things
      ● New Domains
      ● SPF is all you need
      ● Domain whitelisting
  11. Useful Tools
      ● DNSTrails
      ● MXToolbox
      ● EXCRA
      ● Dmarcian’s DMARC Inspector
      ● CheckTLS
      ● Emkei’s Fake Mailer
      ● DKIM Validator
  12. O365 Phishing & Fake Email Sending
  13. Bad Bulk Mailers
      ● SendGrid
      ● Mandrill/Mail Chimp
  14. Get-Contact
      ◇ Github: https://github.com/wesleykirkland
      ◇ Email: wesley@wesleyk.me
      ◇ Web: wesleyk.me
      ◇ Linkedin: WesleyKirkland
      ◇ Twitter: @UnleashTheCloud
      All examples can be found below: https://github.com/wesleykirkland/PowerShell-Email-Security