BSides San Francisco - Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations

Date:
Past Event
Location:
City View at Metreon, 4th and Mission, San Francisco, CA
Illustration fox speaking at podium to audience

Internet scammers move pretty fast. If you don't stop and look around once in a while, you could miss it. Just as Ferris Bueller always had another trick up his sleeve to dupe Principle Rooney, attackers are employing homoglyphs, subdomain attacks, typo-squats, bit-squats, and similar attacks to trick internet denizens with fraudulent websites. Adversaries may register domains permutations in order to commit fraud, distribute malware, redirect traffic, steal credentials, or for corporate espionage. We know these threats have been around for a while, but not many defenders adopt proactive technical controls in their social engineering incident response plans.

The question isn't what are we going to do about it. The question is what aren't we going to do. With the capability to continuously monitor domain permutations for new HTTP, HTTPS, or SMTP services in real-time, the blue team doesn’t have to trust domain permutations any further than they can throw them.

In this talk, we will demonstrate red team and blue team techniques. For Buellers, demonstrations include ways to leverage domain permutations in adversary simulations. For Rooneys, we will detail how to better prepare, identify, contain, and eradicate threats that utilize domain permutations. If you’re not leveraging our recommended technical controls to defeat attackers, you risk fishing for your wallet in a yard full of rage-fueled Rottweilers.

Partner Rob Ragan and Security Analyst Kelly Albrink will present Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations at BSides San Francisco on Sunday, March 3, 2019.


Rob Ragan

About the speaker, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.

More by Rob

Kelly albrink

About the speaker, Kelly Albrink

Application Security Practice Director

Kelly Albrink is the Application Security Practice Director at Bishop Fox where she focuses on leading a diverse practice that includes traditional application security, mobile applications, and product security (including embedded, industrial, and IoT devices).

As the Application Security Practice Director at Bishop Fox, she has helped facilitate the expansion of the practice to focus on security during the design phase. This includes the development of offerings such as architecture security assessments, source code review, and threat modeling. She has also created a consulting mentorship program and led the revamp of an internal knowledge-sharing series of technical talks.

As a consultant, Kelly frequently performed hardware and wireless testing, becoming a subject matter expert in this area. She is responsible for identifying a high-risk CVE that impacted an Eaton power management appliance.

Kelly is an active member of the security community. At the first ever DerpCon, she presented on Software Defined Radio (SDR), a topic she later wrote about for the Bishop Fox blog in "Ham Hacks: Breaking into Software-Defined Radio."

More by Kelly

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.