You Have No Idea Who Sent That Email - 18 Attacks on Email Sender Authentication

You Have No Idea Who Sent That Email - 18 Attacks on Email Sender Authentication

Black Hat via YouTube Direct link

Sender Policy Framework (SPF)

4 of 16

4 of 16

Sender Policy Framework (SPF)

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

You Have No Idea Who Sent That Email - 18 Attacks on Email Sender Authentication

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 How Do You Verify the Email Sender?
  3. 3 Background: Email Transmission
  4. 4 Sender Policy Framework (SPF)
  5. 5 Domain Message Authentication, Reporting and Conformance (MARC)
  6. 6 Overview of Email Authentication Flow
  7. 7 Key Idea of Our Attacks
  8. 8 Inconsistencies b/w SPF and DMARC
  9. 9 Inconsistencies b/w DKIM and DNS
  10. 10 Exp. 3a: DKIM Authentication Results Injection
  11. 11 a: Multiple From Headers
  12. 12 From Sender Ambiguity
  13. 13 Complex From Header Syntax
  14. 14 h: Exploiting Parsing Inconsistencies
  15. 15 Spoofing via an Email Service Account
  16. 16 Thinking on Defense

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.