In my latest security research I found that due to severe misconfigurations, I was able to deliver SPF authenticated emails on behalf of the Ukrainian MoD, MIT and 1000+ others.
https://t.co/rUEKC94H5Q
Next week I'll be presenting two talks at two conferences! If you're at the AWS Public Sector Summit in Canberra or CrikeyCon in Brisbane, please come by and say hello!
AWS Public Sector Summit Talk: Cloud-focused security for speed and scale
CrikeyCon Talk: The Art of Phishing
@dkulshitsky Thanks Dmitry! After reviewing many of the SPF records, quite a few seem to be a simple mistake. Perhaps whoever implemented the record had enough understanding that an SPF needed to be implemented but not enough to know what the "+all" mechanism did.
Check out our latest blog post! After scanning 1.7 million Australian domains we found 1.62 million SPF and DMARC security issues. 542 domains were misconfigured to such an extent that any public IP address could send SPF authenticated emails as them!
https://t.co/AxgCrE9v3W
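A defender's check for the "+all" problem described in the two posts above, added here as an example and not taken from the author's tooling or blog: it parses an SPF TXT record and reports what the catch-all `all` term does for a sender IP that matches nothing else, so a bare `all` or `+all` (any host on the internet passes SPF) is flagged. The sample records are constructed; fetching the domain's TXT record from DNS is left to the caller.

```python
import re

# Qualifier prefixes an SPF term may carry; a mechanism with no prefix defaults to "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MODIFIER_RE = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)=(.*)")  # e.g. redirect=_spf.example.org


def parse_spf(record: str) -> dict:
    """Split an SPF TXT record into (qualifier, mechanism, argument) tuples and modifiers."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        modifier = MODIFIER_RE.fullmatch(term)
        if modifier:  # name=value terms are modifiers, not mechanisms
            modifiers[modifier.group(1).lower()] = modifier.group(2)
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if not term:
            continue
        name, _, arg = term.partition(":")
        mechanisms.append((qualifier, name.lower(), arg))
    return {"mechanisms": mechanisms, "modifiers": modifiers}


def all_verdict(record: str) -> str:
    """Result an unlisted sender IP gets: 'pass' means anyone can send as the domain.
    Terms after 'all' are ignored, as in RFC 7208; with no 'all' and no redirect the result is neutral."""
    parsed = parse_spf(record)
    for qualifier, name, _ in parsed["mechanisms"]:
        if name == "all":
            return QUALIFIERS[qualifier]
    if "redirect" in parsed["modifiers"]:
        return "redirect:" + parsed["modifiers"]["redirect"]
    return "neutral"


def is_permissive(record: str) -> bool:
    """True when the record authenticates every public IP address (the '+all' misconfiguration)."""
    return all_verdict(record) == "pass"


if __name__ == "__main__":
    # Constructed sample records; example.* domains and 192.0.2.0/24 are documentation ranges.
    for rec in ["v=spf1 ip4:192.0.2.0/24 -all", "v=spf1 ip4:192.0.2.0/24 +all",
                "v=spf1 a mx all", "v=spf1 redirect=_spf.example.org"]:
        print(f"{rec!r}: {all_verdict(rec)}{'  <-- PERMISSIVE' if is_permissive(rec) else ''}")
```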
Over the past month I've been researching IP-takeover vulnerabilities specific to email sender supply chains. After some initial testing I decided to scan 1.8 Million Australian domains... and found some pretty interesting results. Check out the blog!
https://t.co/M4p7bIXL57
I learnt something new just now. If you want the #privacy protection of DuckDuckGo but your search results from #Google then just prepend "!Google" to your DuckDuckGo search. Et voila, your Google search gets laundered and your privacy remains respected.
I finally wrote a small tool I've wanted for a long time: A parallel testcase minimizer. It's called halfempty, and I'm already finding it useful as part of my fuzzing workflow. /cc @lcamtuf https://t.co/SIC2y0k0p0
New breach: Online booking service FlexBooker had 3.7M accounts breached last month. Data included email addresses, names, phone numbers and for some accounts, partial credit card data. 69% were already in @haveibeenpwned https://t.co/LGaAnj1hUA
Compromising the email supply chain of 190 Australian organisations through a single IT Managed Service Provider via /r/netsec https://t.co/cnXyWWFa7A #cybersecurity #netsec #news
What a brilliant idea!
Phishious provides the ability to see how various Secure Email Gateway technologies behave when presented with phishing material.
https://t.co/mBEyoDkP17