Presentation by Kelly Albrink and Rob Ragan at Sqr00t 2019
Internet scammers move pretty fast. If you don’t stop and look around once in a while, you could miss it.
Just as Ferris Bueller always had another trick up his sleeve to dupe Principle Rooney, attackers are employing homoglyphs, subdomain attacks, typo-squats, bit-squats, and similar attacks to trick internet denizens with fraudulent websites. Adversaries may register domains permutations in order to commit fraud, distribute malware, redirect traffic, steal credentials, or for corporate espionage. We know these threats have been around for a while, but not many defenders adopt proactive technical controls in their social engineering incident response plans.
The question isn’t what are we going to do about it. The question is what aren’t we going to do. With the capability to continuously monitor domain permutations for new HTTP, HTTPS, or SMTP services in real-time, the blue team doesn’t have to trust domain permutations any further than they can throw them.
This presentation covers:
- Types of Abuse Domain Permutations
- Why Domain Abuse Happens
- Monitoring & Defense Techniques