Spoofy in Action: Advancing Domain Spoofing Detection
Learn how to efficiently identify subdomain takeover vulnerabilities using Spoofy, an open-source tool that automates the assessment process and helps protect your organization from potential subdomain spoofing attacks.
Domain spoofing is a classic offensive security technique, especially for social engineering and red team engagements. Bishop Fox has been a long-time user and creator of open-source email spoofing tools, dating back to 2017, when Alex DeFreese, Senior Software Engineer, developed SpoofCheck and shared it with the security community.
Fast forward to 2022, when former Fox Matt Keeley created Spoofy, adding enhanced functionality to the foundational techniques of SpoofCheck. We examine Spoofy’s authoritative lookups with a predetermined fallback (Cloudflare DNS), custom spoof logic based on real-world test results, and an SPF lookup counter.
The creator of Spoofy demonstrates the tool, a powerful open-source means of identifying subdomain takeover vulnerabilities. The session covers how attackers can exploit abandoned DNS records to perform subdomain spoofing, potentially leading to domain impersonation and credential theft. Barrett explains the manual assessment process and then showcases how Spoofy automates these steps, efficiently scanning for vulnerable subdomains across multiple service providers. The tool identifies when DNS records point to services no longer in use, which creates opportunities for attackers to claim these abandoned subdomains. You'll learn how Spoofy helps organizations protect themselves by providing a comprehensive inventory of subdomains and identifying those vulnerable to takeover, all while reducing the time-consuming manual work typically required for such assessments.