Domains of Grays.

Domains of Grays.

One of the most consistently reliable means for an attacker to gain access to an organization's computing resources is via phishing - by socially engineering an authorized user into providing access to the attacker by inadvertently disclosing their credentials. There are numerous ways that are currently in use to prevent phishing already, but there is always room for improvement. In this case, we propose taking a spam-mitigation measure, greylisting, and applying it to DNS such that it will hamper the ability of phishers to complete a common type of attack. Additionally, this methodology will also mitigate other, similar threats that rely on fast resolution of DNS in order to function correctly. We will be providing a POC implementation for DNS greylisting so that you can evaluate its effectiveness as well.

Presented by