Explore the world of email address reputation and its role in identifying spear-phishing and fraud in this conference talk from Shmoocon 2020. Dive into the concept of EmailRep, a system that uses OSINT techniques, crawlers, and data from various sources to predict the risk associated with email addresses. Learn about the technical architecture, implementation, and how both blue and red teams can utilize this tool. Discover the importance of internet history in differentiating legitimate email addresses from attacker personas, and understand the potential shortcomings of this approach. Gain insights into the various data points used, including social media profiles, Github activity, LinkedIn accounts, and credential dumps. Follow along as the speaker demonstrates live queries of EmailRep and discusses its free availability through emailrep.io or API.
Overview
Syllabus
Intro
What is VoightKampff
Joshs Bio
Agenda
Background
Email Addresses
Email Reputation API
Defining Reputation
High Reputation
Why now
Phishing Defense
Examples
compromised email addresses
technical details
inputs
data breaches
whois
DNS
Reputation SMTP
MX Record Lookup
Invalid Email
Warnings
Domain Reputation
Frontend Stack
Profiles
Information Disclosure
Lastfm
PayPal
Gravatar
LinkedIn
Web Crawling
Experiment
Building the Graph
Building a Twitter Profile
Nodes Connected
Cryptographic Hash Functions
Perceptual Hash Functions
Gravatar Profile
Similarities
Connections between disparate graphs
Reporting
Community
Phishing
Blacklisting
Scoring
Data
Reputation Distribution
Russian OpenBSD
Abuse
South Korea
countermeasures
TLDR
Key Requests
Slack Ping
Future Stuff
Breach Data
Live Demo
Questions
Taught by
0xdade
