Doppelganger Domains

Presented at ToorCon San Diego 13 (2011), Oct. 8, 2011, 3 p.m. (50 minutes).

Domain typosquatting is commonly used to spread malware to users whom accidentally misspell a legitimate domain in their web browser. A new twist to domain typosquatting is applying the same human element issue to email and other network based services.

How many people would notice that they sent an email to the wrong place? What type of data could one passively gather from emails missent to the wrong domain? Would someone ever attempt to authenticate to the wrong machine?

In this presentation we will cover two email attack vectors that stem from Doppelganger Domains, show real world examples of what can type of data can be leaked and discuss how you can protect your company in the future.

Presenters:

• Garrett Gee
  Garrett Gee is a penetration tester, researcher, and entrepreneur. He has been in the information security industry for the last 13 years, and is an active member of the community. He is an OWASP chapter leader, and has authored several tools. In 2001 he developed the first bootable live cd for penetration testing and forensics called PLAC. He has appeared on several news venues such as 60 Minutes, ABC News, and The Washington Post.
• Peter Kim

Similar Presentations:

• May Contain Hackers (MCH2022) / Bring Your Own IDentity
• May Contain Hackers (MCH2022) / Running a Domain Registrar for Fun and (some) Profit
• BSidesLV 2023 / Email Detection Engineering and Threat Hunting