Doppelganger Domains

Presented at ToorCon San Diego 13 (2011), Oct. 8, 2011, 3 p.m. (50 minutes)

Domain typosquatting is commonly used to spread malware to users who accidentally misspell a legitimate domain in their web browser. A new twist to domain typosquatting is applying the same human element issue to email and other network-based services. How many people would notice that they sent an email to the wrong place? What type of data could one passively gather from emails missent to the wrong domain? Would someone ever attempt to authenticate to the wrong machine? In this presentation we will cover two email attack vectors that stem from Doppelganger Domains, show real-world examples of what type of data can be leaked, and discuss how you can protect your company in the future.


  • Peter Kim
  • Garrett Gee
    Garrett Gee is a penetration tester, researcher, and entrepreneur. He has been in the information security industry for the last 13 years, and is an active member of the community. He is an OWASP chapter leader, and has authored several tools. In 2001 he developed the first bootable live CD for penetration testing and forensics, called PLAC. He has appeared on several news venues such as 60 Minutes, ABC News, and The Washington Post.
