Domains of Grays.

Presented at BSidesLV 2016, Aug. 3, 2016, 11:30 a.m. (60 minutes)

One of the most consistently reliable means for an attacker to gain access to an organization's computing resources is via phishing - by socially engineering an authorized user into providing access to the attacker by inadvertently disclosing their credentials. There are numerous ways that are currently in use to prevent phishing already, but there is always room for improvement. In this case, we propose taking a spam-mitigation measure, greylisting, and applying it to DNS such that it will hamper the ability of phishers to complete a common type of attack. Additionally, this methodology will also mitigate other, similar threats that rely on fast resolution of DNS in order to function correctly. We will be providing a POC implementation for DNS greylisting so that you can evaluate its effectiveness as well.

Presenters:

• Eric Rand - Systems Mangler - Brown Hat Security
  An amateur blacksmith, an amateur radio operator, and a professional know-it-all, Eric has had a deep appreciation for the lore surrounding the IT world for many years. When he's not digging through obscure fora to find out who thought XCHG EAX:EAX was a good idea for a NOP command, Eric is either forging coathooks or stitching together various systems that were never designed to work together. He lives in the mountains of southern California with his wife and cats.

Links:

• https://bsideslv2016.sched.com/event/7azP/domains-of-grays

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / DNS Exfiltration and Out-of-Band Attacks
• NolaCon 2016 / Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools
• NolaCon 2019 / DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy