Passive Recon & Intelligence Collection Using Cyber-Squatted Domains

Explore the world of passive reconnaissance and intelligence gathering through cyber-squatted domains in this 24-minute conference talk from NorthSec 2022. Discover how domain squatting can be leveraged as a low-cost, highly effective method for collecting valuable data and intelligence. Learn about targeted techniques used by creative attackers and broader approaches employed by cybercriminals to exploit unsuspecting victims. Gain insights into the research conducted using "catch-all" email inboxes on squatted variants of a popular public email service, revealing the diverse range of information obtainable through this method. Understand how a simple typo or bitflip in an email domain can lead to the interception of thousands of emails weekly. Uncover the findings from this research and acquire knowledge on how to protect your organization against such attacks.

NSEC2022 - Rolland Winters - Passive recon & intelligence collection using cyber-squatted domains