One of the most consistently reliable ways for an attacker to gain access to an organization's computing resources is phishing: socially engineering an authorized user into inadvertently disclosing their credentials. Numerous anti-phishing measures are already in use, but there is always room for improvement. We propose taking a spam-mitigation measure, greylisting, and applying it to DNS so that it hampers the ability of phishers to complete a common type of attack. This methodology also mitigates other, similar threats that rely on fast DNS resolution in order to function correctly. We will be providing a POC implementation of DNS greylisting so that you can evaluate its effectiveness.
An amateur blacksmith, an amateur radio operator, and a professional know-it-all, Eric has had a deep appreciation for the lore surrounding the IT world for many years. When he's not digging through obscure fora to find out who thought XCHG EAX:EAX was a good idea for a NOP command, Eric is either forging coathooks or stitching together various systems that were never designed to work together. He lives in the mountains of southern California with his wife and cats.