Passive recon & intelligence collection using cyber-squatted domains

The DNS system was not designed with security in mind, and domain squatting techniques are best known for their use in phishing attacks. In this talk we will demonstrate a less often considered use for these domain names: as reconnaissance and intelligence-gathering tools.

Domain squatting presents the creative attacker with low-cost and extremely effective ways to passively gather large amounts of useful data & intelligence. These techniques can be highly targeted, or they can be used by cyber criminals to cast a wide net, taking advantage of victims as the opportunities present themselves.

For our research, we are using "catch-all" email inboxes on squatted variants of a very popular public email service. Our intention for this data is to analyse & demonstrate the diversity of information obtainable using this technique. A single typo or bitflip in the domain name of an email address will result in our inboxes receiving email intended for someone else! Using roughly a dozen domain names, we are currently capturing thousands of emails each week. Are you curious to know what we've found, and how you can defend your organisation against this type of attack? See you at the talk!
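The "single typo or bitflip" condition described above can be checked from the sending side. The following is an added example, not material from the talk: it flags recipient domains in an outbound mail log that are one bit flip or one keystroke away from a domain your users actually intend. The function names, the `example.com` placeholder domain and the sample recipients are all assumptions constructed for illustration.

```python
import string
HOST_CHARS = set(string.ascii_lowercase + string.digits + "-")

def bitflip_variants(domain):
    """Domains one flipped bit away from `domain` that are still valid hostnames."""
    out = set()
    for i, ch in enumerate(domain):
        if ch == ".":
            continue  # keep label boundaries fixed
        for bit in range(8):
            c = chr(ord(ch) ^ (1 << bit)).lower()  # DNS names are case-insensitive
            if c in HOST_CHARS and c != ch:
                out.add(domain[:i] + c + domain[i + 1:])
    return out

def is_single_typo(a, b):
    """One insertion, deletion, substitution or adjacent transposition apart."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        swapped = len(d) == 2 and d[1] == d[0] + 1 and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]]
        return len(d) == 1 or swapped
    if len(a) > len(b):
        a, b = b, a  # make `a` the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:]  # skipping one character of `b` must align the rest

def classify(recipient, legit_domains):
    """Return (kind, intended_domain) for a near-miss recipient domain, else None."""
    domain = recipient.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in legit_domains:
        return None
    for legit in legit_domains:
        if domain in bitflip_variants(legit):
            return ("bitflip", legit)
        if is_single_typo(domain, legit):
            return ("typo", legit)
    return None

# Constructed sample: recipient addresses as they might appear in an outbound mail log.
LEGIT = ["example.com"]  # placeholder for the mail domains your users actually intend
SAMPLE = ["alice@example.com", "bob@exampme.com", "carol@exmaple.com",
          "dave@examle.com", "erin@example.org"]

def scan(recipients, legit_domains=LEGIT):
    """Map each near-miss recipient to its (kind, intended_domain) finding."""
    return {r: hit for r in recipients if (hit := classify(r, legit_domains))}
```

Running `scan(SAMPLE)` reports the three near-miss addresses and leaves the correct address and the unrelated `.org` domain alone.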