EHLO World: Living Off The Land in The Email Domain

OVERVIEW

Email-based attacks remain at the forefront of the cybersecurity threat landscape, ever-evolving to circumvent defenses and trick unsuspecting users. In this presentation, we delve into the strategies attackers use to manipulate high-reputation infrastructure and services to deliver attacks that reach end-user inboxes.

We’ll show real, in-the-wild examples of how attackers abuse trusted platforms like DocuSign, Salesforce, Google Drive, PayPal, and Box, as well as free subdomain hosts, mass mailers, open redirects, compromised WordPress sites, and more. We’ll then explore how attackers persist in the inbox by creating malicious mail forwarding rules that siphon data without leaving repeated access logs.

Finally, we’ll discuss detection and hunting methodologies and other defense-in-depth techniques to mitigate these attack vectors. Attendees will leave the talk with practical knowledge on novel email attack techniques and how to defend against them.

Presented By

JOSH KAMDJOU

Founder and CEO, Sublime Security