Overview
This course aims to educate learners on the vulnerabilities in email sender authentication, specifically focusing on 18 types of attacks that can bypass mechanisms like SPF, DKIM, and DMARC. The course teaches skills such as identifying inconsistencies in authentication protocols, exploiting parsing inconsistencies, and spoofing via email service accounts. The teaching method involves presenting real-world attack scenarios and demonstrating how attackers can impersonate senders without detection. This course is intended for security professionals, email service providers, and individuals interested in understanding email security threats and defenses.
Syllabus
Intro
How Do You Verify the Email Sender?
Background: Email Transmission
Sender Policy Framework (SPF)
Domain Message Authentication, Reporting and Conformance (MARC)
Overview of Email Authentication Flow
Key Idea of Our Attacks
Inconsistencies b/w SPF and DMARC
Inconsistencies b/w DKIM and DNS
Exp. 3a: DKIM Authentication Results Injection
a: Multiple From Headers
From Sender Ambiguity
Complex From Header Syntax
h: Exploiting Parsing Inconsistencies
Spoofing via an Email Service Account
Thinking on Defense
Taught by
Black Hat