SlideShare a Scribd company logo

Using Disposable Mailboxes for Research

Download as PPTX, PDF
B
Brad Antoniewicz

Automating the discovery and processing of commodity malware allows security researchers to focus on more important tasks. This talk introduces a simple way of obtaining malicious emails by using freely available disposable mailbox services. We'll share our results and introduce two tools: MailRunner, a modular tool for obtaining and analyzing email, and LacedMail.com, a free api-centric disposable email service that is meant to be used for security research.

Technology
1 of 17
1 Brad Antoniewicz Disposable Mailboxes for Research! Cisco Umbrella, formally OpenDNS
2 Hi, I’m @brad_anton
33© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40% Businesses affected in the last year $1B Gross Revenue in 2016 128% Growth in new samples Ransomware SucksCommodity malware distracts researchers from cooler stuff
4 Email Distribution To: Brad Antoniewicz <somedude@someplace.com> From: Barbara Almond <barabara.almond.01@cisco.com> Received: from mail.mailexpress.com … Subject: Invoice #0299301 Attachment: invoice01.zip Body: Brad, Attached is the invoice you requested. Thanks, Barbara Domain Analysis Pattern Analysis Natural Language Website Crawling @brad_anton
5 Not good for research
6
7 MailRunner Identifying ransomware and commodity malware Bait Mailboxes Block Dewey Classification Engine @brad_anton Convict, then pass on email attributes
8
9 Architecture Fetch, Process, and Store Check and Categorize Sandbox Analyzer Block
10 Detections (One mailbox) 7.4k Malicious Emails 15k Unique Domains @brad_anton
11
12@brad_anton
13
14
15@brad_anton
1616 Takeaways 1. Commodity malware ruins it 2. Disposable mailboxes FTW 3. LacedMail.com 4. MailRunner opensource soon!
1717© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Thanks! -@brad_anton

Recommended

BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat Security Conference
 
Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017
Brad Antoniewicz
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Roger Hagedorn
 
HR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataHR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company Data
Parsons Behle & Latimer
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
Andrew McNicol
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
Cyber Security Alliance
 
Hack the hack
Hack the hackHack the hack
Hack the hack
Shakti Ranjan
 

Recommended

BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat v18 || Modern day entomology - examining the inner workings of the bu...
BlueHat Security Conference
 
Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017Exploit Kit Cornucopia - Blackhat USA 2017
Exploit Kit Cornucopia - Blackhat USA 2017
Brad Antoniewicz
 
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Your Money or Your Data: Ransomware, Cyber Security and Today’s Threat Landsc...
Roger Hagedorn
 
HR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company DataHR's Critical Role in Protecting Company Data
HR's Critical Role in Protecting Company Data
Parsons Behle & Latimer
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
 
BSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPointBSidesJXN 2016: Finding a Company's BreakPoint
BSidesJXN 2016: Finding a Company's BreakPoint
Andrew McNicol
 
Corporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomwareCorporations - the new victims of targeted ransomware
Corporations - the new victims of targeted ransomware
Cyber Security Alliance
 
Hack the hack
Hack the hackHack the hack
Hack the hack
Shakti Ranjan
 
Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3
Denise Bailey
 
Don't Fear the Content Audit
Don't Fear the Content AuditDon't Fear the Content Audit
Don't Fear the Content Audit
Kapost
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011
Ashwin Patil, GCIH, GCIA, GCFE
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
OneLogin
 
How Cybercriminals Cheat Email Authentication
How Cybercriminals Cheat Email AuthenticationHow Cybercriminals Cheat Email Authentication
How Cybercriminals Cheat Email Authentication
Return Path
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
HackIT Ukraine
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2016
 
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
Amazon Web Services
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection System
Apollo_n
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
OWASP
 
Information security awareness
Information security awarenessInformation security awareness
Information security awareness
CAS
 
What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...
What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...
What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...
Jeremiah Onaolapo
 
250ok Deliverability Tips For Success
250ok Deliverability Tips For Success250ok Deliverability Tips For Success
250ok Deliverability Tips For Success
Ron Corbisier
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
Geoff Pesimo
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
Zscaler
 
Learnings from the Cloud: What to Watch When Watching for Breach
Learnings from the Cloud: What to Watch When Watching for BreachLearnings from the Cloud: What to Watch When Watching for Breach
Learnings from the Cloud: What to Watch When Watching for Breach
Priyanka Aash
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Zack Meyers
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
CloudLock
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
Roel Palmaers
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
Zilliz
 

More Related Content

Similar to Using Disposable Mailboxes for Research

Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
HackIT Ukraine
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2016
 
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
Amazon Web Services
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection System
Apollo_n
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
OWASP
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Zack Meyers
 

Similar to Using Disposable Mailboxes for Research (20)

Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3Ransomware and email security ver - 1.3
Ransomware and email security ver - 1.3
 
Don't Fear the Content Audit
Don't Fear the Content AuditDon't Fear the Content Audit
Don't Fear the Content Audit
 
News bytes Sept-2011
News bytes Sept-2011News bytes Sept-2011
News bytes Sept-2011
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
How Cybercriminals Cheat Email Authentication
How Cybercriminals Cheat Email AuthenticationHow Cybercriminals Cheat Email Authentication
How Cybercriminals Cheat Email Authentication
 
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
Ник Белогорский - Будни Кремниевой Долины. История карьеры Ника, борьба с хак...
 
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Microfestival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
festival ICT 2013: Gli attacchi mirati e la Difesa Personalizzata Trend Micro
 
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...
 
An Effective Spam Protection System
An Effective Spam Protection SystemAn Effective Spam Protection System
An Effective Spam Protection System
 
[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities[OPD 2019] Inter-application vulnerabilities
[OPD 2019] Inter-application vulnerabilities
 
Information security awareness
Information security awarenessInformation security awareness
Information security awareness
 
What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...
What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...
What Happens After You Are Pwnd: Understanding The Use Of Leaked Webmail Cred...
 
250ok Deliverability Tips For Success
250ok Deliverability Tips For Success250ok Deliverability Tips For Success
250ok Deliverability Tips For Success
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Dissecting ssl threats
Dissecting ssl threatsDissecting ssl threats
Dissecting ssl threats
 
Learnings from the Cloud: What to Watch When Watching for Breach
Learnings from the Cloud: What to Watch When Watching for BreachLearnings from the Cloud: What to Watch When Watching for Breach
Learnings from the Cloud: What to Watch When Watching for Breach
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
 
Stop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS SecurityStop Hackers with Integrated CASB & IDaaS Security
Stop Hackers with Integrated CASB & IDaaS Security
 
Ransomware hostage rescue manual
Ransomware hostage rescue manualRansomware hostage rescue manual
Ransomware hostage rescue manual
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Using Disposable Mailboxes for Research