BruCON 0x10

Mistyped domains often take some convincing to be effective in phishing attacks. After finding the perfect typo, the real work starts setting up the perfect lure. Instead of this, an often-forgotten attack vector exists where potential victims already make these typo's when sending email and or configuring systems, letting go of plenty useful information while at it.

In this talk we will explore this attack vector, ultimately setting ourselves up for a Mail-in-the-middle (MaiTM) attack to steal confidential information, login using password resets, embed tracking pixels and even deliver malware. Configuring this can still take some work and requires quick timing, so to help with that we have developed a toolkit that we will demonstrate during this talk. Finally, considering the impact of these attacks we will dive into some detection and prevention strategies for this attack while also releasing some new proof of concept tooling to aid organizations in defending against it.