Passive recon & intelligence collection using cyber-squatted domains

The DNS system was not designed with security in mind, and domain squatting techniques are most commonly identified and known by their use in phishing attacks. In this talk we will demonstrate a less-often considered use for these domain names: as reconnaissance and intelligence gathering tools.

Domain squatting presents the creative attacker with low-cost and extremely effective ways to passively gather large amounts of useful data & intelligence. These techniques can be highly targeted, or they can be used by cyber criminals to cast a wide net, taking advantage of victims as the opportunities present themselves.

For our research, we are using "catch-all" email inboxes on squatted variants of a very popular public email service. Our intention for this data is to analyse & demonstrate the diversity of information obtainable using this technique. A single typo or bitflip in the domain name of an email address will result in our inboxes receiving email intended for someone else! Using roughly a dozen domain names, we are currently capturing thousands of emails each week. Are you curious to know what we've found, and how you can defend your organisation against this type of attack? See you at the talk!
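As an added example (not part of the talk or the speakers' tooling), a defender can screen outbound recipient addresses for domains that are one typo or one bit flip away from a domain their users mail regularly. `examplemail.com`, the sample addresses and all function names are constructed placeholders.

```python
# Added example: flag outbound recipients whose domain is one typo or one
# bit flip away from a domain your users mail regularly.
# Assumption: examplemail.com is a constructed placeholder, not a real provider.
PROTECTED = ("examplemail.com",)

def is_bitflip(a: str, b: str) -> bool:
    """Same length, exactly one character differs, and by exactly one bit."""
    if len(a) != len(b):
        return False
    diff = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(diff) == 1 and diff[0] & (diff[0] - 1) == 0

def is_one_edit(a: str, b: str) -> bool:
    """One insertion, deletion, substitution or adjacent transposition."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    n = min(len(a), len(b))
    i = 0
    while i < n and a[i] == b[i]:                # strip common prefix
        i += 1
    j = 0
    while j < n - i and a[-1 - j] == b[-1 - j]:  # strip common suffix
        j += 1
    ra, rb = a[i:len(a) - j], b[i:len(b) - j]    # what is left differs
    if len(ra) <= 1 and len(rb) <= 1:
        return True
    return len(ra) == 2 and ra == rb[::-1]

def classify(domain: str):
    """Return (kind, protected_domain) for a lookalike, else None."""
    d = domain.lower().rstrip(".")               # DNS names are case-insensitive
    if d in PROTECTED:
        return None
    for p in PROTECTED:
        if is_bitflip(p, d):                     # bit flips are a subset of substitutions
            return ("bitflip", p)
        if is_one_edit(p, d):
            return ("typo", p)
    return None

def flag_recipients(addresses):
    """Return (address, kind, protected_domain) for each suspicious recipient."""
    hits = []
    for addr in addresses:
        _, sep, domain = addr.rpartition("@")
        verdict = classify(domain) if sep else None
        if verdict:
            hits.append((addr, *verdict))
    return hits

# Constructed sample of outbound recipient addresses.
SAMPLE = ["alice@examplemail.com", "bob@examplemaim.com",
          "carol@exampelmail.com", "dave@examplmail.com", "erin@other.example"]
```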


Rolland Winters Cyber Operator (Canadian Forces) & SOC Analyst (Commissionnaires), Canadian Armed Forces & Commissionnaires du Quebec

Rolland Winters is an army reservist and team lead for the cyber protection team at 34 Signal Regiment in Montreal. He is also a full-time SOC analyst for the Commissionnaires du Québec in their cyber security department (VYGL). He has a diverse background, with professional experience in military radio and satellite systems, IoT, smart home automation, CCT/security systems, web application development, and information security. He is currently working on his OSCP and GCIA certifications.