Why spoof, when you can ȯwn?

Presented at CackalackyCon 2 (2023), May 7, 2023, 11 a.m. (30 minutes).

Homoglyph attacks seem to come up every few years in security blogs. Replace (INSERT CHARACTER HERE) with a nearly identical, rarely used Unicode character, and voila you have a string that might fool an unsuspecting party. It's like typosquatting, but the difference between the real string and the homoglyph will likely be harder to spot than a misspelling or extra letter. This talk will cover use cases, real world examples, and a tool I am working on to easily identify discreet homoglyph URLs for your org.


Presenters: