
Spoofy in Action: Advancing Domain Spoofing Detection

Learn how to efficiently identify subdomain takeover vulnerabilities using Spoofy, an open-source tool that automates the assessment process and helps protect your organization from potential subdomain spoofing attacks.

Domain spoofing is a classic offensive security technique, especially for social engineering and red team engagements. Bishop Fox has been a long-time user and creator of open-source email spoofing tools dating back to 2017 when Alex DeFreese, Senior Software Engineer, developed SpoofCheck and shared it with the security community.

Fast forward to 2022, when former Fox Matt Keeley created Spoofy, adding enhanced functionality to the foundational techniques of SpoofCheck. We examine Spoofy's authoritative lookups with a predetermined fallback (Cloudflare DNS), custom spoof logic based on real-world test results, and an SPF lookup counter.
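The SPF lookup counter mentioned above checks whether a domain's SPF policy stays within the RFC 7208 limit of 10 DNS-querying terms (include, a, mx, ptr, exists and the redirect modifier); exceeding it makes receivers return permerror, which quietly breaks SPF enforcement. The following is an added example, not Spoofy's own code: it walks a constructed set of TXT records recursively and counts lookups, with `resolve` standing in for the authoritative-then-fallback DNS query that Spoofy performs.

```python
from typing import Callable, Dict, Optional, Set

# Constructed sample zone data for this example (not real DNS records).
SAMPLE_TXT: Dict[str, str] = {
    "example.test": "v=spf1 include:_spf.mailer.test include:_spf.crm.test a mx -all",
    "_spf.mailer.test": "v=spf1 ip4:192.0.2.0/24 include:_netblocks.mailer.test ~all",
    "_netblocks.mailer.test": "v=spf1 ip4:198.51.100.0/24 a:relay.mailer.test -all",
    "_spf.crm.test": "v=spf1 redirect=_spf2.crm.test",
    "_spf2.crm.test": "v=spf1 a mx exists:%{i}.sp.crm.test ptr -all",
}

# Terms that cost a DNS lookup under RFC 7208 section 4.6.4; ip4/ip6/all do not.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


def count_spf_lookups(domain: str, resolve: Callable[[str], Optional[str]],
                      _path: Optional[Set[str]] = None) -> int:
    """Return the number of DNS-querying terms reachable from domain's SPF record.

    `resolve` maps a name to its SPF TXT string (or None). A real implementation
    would query the authoritative nameserver and fall back to a public resolver.
    """
    path = _path if _path is not None else set()
    if domain in path:                      # include/redirect loop: stop recursing
        return 0
    record = resolve(domain)
    if not record or not record.lower().startswith("v=spf1"):
        return 0
    path.add(domain)
    count = 0
    for term in record.split()[1:]:         # skip the "v=spf1" version tag
        term = term.lstrip("+-~?")          # drop the qualifier
        sep = ":" if ":" in term else "="
        name, _, value = term.partition(sep)
        name = name.split("/")[0].lower()   # "a/24" -> "a"
        if name not in LOOKUP_TERMS:
            continue
        count += 1                          # this term costs one lookup
        if name in ("include", "redirect") and value:
            count += count_spf_lookups(value, resolve, path)
    path.discard(domain)
    return count


def spf_within_limit(domain: str, resolve: Callable[[str], Optional[str]] = SAMPLE_TXT.get) -> bool:
    """True if the domain's SPF tree needs at most MAX_LOOKUPS DNS queries."""
    return count_spf_lookups(domain, resolve) <= MAX_LOOKUPS
```

For the constructed zone, `example.test` resolves to 11 lookups, so `spf_within_limit("example.test")` is False and receivers would treat the policy as a permerror.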

In this session, the creator of Spoofy demonstrates the tool, a powerful open-source utility for identifying subdomain takeover vulnerabilities. The session covers how attackers can exploit abandoned DNS records to perform subdomain spoofing, potentially leading to domain impersonation and credential theft. Barrett explains the manual assessment process and then shows how Spoofy automates these steps, efficiently scanning for vulnerable subdomains across multiple service providers. The tool identifies DNS records that point to services no longer in use, which create opportunities for attackers to claim the abandoned subdomains. You'll learn how Spoofy helps organizations protect themselves by providing a comprehensive inventory of subdomains and identifying those vulnerable to takeover, while reducing the time-consuming manual work such assessments typically require.


About the author, Joe Sechman

AVP of R&D at Bishop Fox

Joe is a Bishop Fox alumnus. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.


About the author, Matt Keeley

Security Researcher

Matt Keeley is a former Senior Security Consultant at Bishop Fox specializing in application penetration testing, product security reviews, and source code analysis. He holds a Bachelor of Science in Computer Science (Cybersecurity) from Arizona State University and a Master of Science in Computer Science from the Georgia Institute of Technology. During his sophomore year at ASU, Matt co-founded the DevilSec cybersecurity club, where he presents weekly red/blue team topics to students and arranges for top speakers, CEOs, and guests of honor to present on industry-related subjects. Matt is an avid security researcher and is considered an internal subject matter expert for product security reviews. He was also recently quoted in IT Business Edge and interviewed on the InfoSec Prep podcast. Matt currently holds the OSCP, OSWE, OSCE, OSWP, and CRTO certifications.

