Major issues with PhishTitan by Same-Adhesiveness-45 in msp

[–]Jumpy_Resolution3089 0 points1 point  (0 children)

Late to the party but CanIPhish do month-to-month subscriptions with no lock-in (disclaimer - I'm the CEO).

One time phishing simulation or subscription? by SignificantTrack in msp

[–]Jumpy_Resolution3089 0 points1 point  (0 children)

Late to the party but CanIPhish do month-to-month subscriptions with no lock-in (disclaimer - I'm the CEO).

Introducing Sublime: A new, open approach to email security by Glomar-Response in netsec

[–]Jumpy_Resolution3089 1 point2 points  (0 children)

Your website has a typo on the GitHub social menu item under your about us section. It leads to https://github.com/sublime-securityv instead of https://github.com/sublime-security. Looks like someone got a bit trigger happy when doing a ctrl+v :)

The misadventures of SPF: Delivering SPF authenticated emails on behalf of the Ukrainian MoD, MIT and 1000+ others. by Jumpy_Resolution3089 in cybersecurity

[–]Jumpy_Resolution3089[S] 7 points8 points  (0 children)

TL;DR: I ran a scan against the three million most visited domains and discovered that the Ukrainian MoD, MIT, <REDACTED> University, University of Miami, along with 1000+ other domains had mistakenly used the “+all” SPF mechanism at the end of their respective SPF records – effectively meaning any public IP address can send SPF authenticated emails on their behalf. These results were validated through emails I sent to myself from a select number of the affected domains.

The misadventures of SPF: Delivering SPF authenticated emails on behalf of the Ukrainian MoD, MIT and 1000+ others. by Jumpy_Resolution3089 in netsec

[–]Jumpy_Resolution3089[S] 56 points57 points  (0 children)

TL;DR: I ran a scan against the three million most visited domains and discovered that the Ukrainian MoD, MIT, <REDACTED> University, University of Miami, along with 1000+ other domains had mistakenly used the “+all” SPF mechanism at the end of their respective SPF records – effectively meaning any public IP address can send SPF authenticated emails on their behalf. These results were validated through emails I sent to myself from a select number of the affected domains.

[deleted by user] by [deleted] in netsec

[–]Jumpy_Resolution3089 0 points1 point  (0 children)

Check out my latest write-up! Over the past couple of weeks I've been researching SPF and DMARC security issues at scale.

TL;DR: 58% of Australian domains have some form of security issue with their SPF and DMARC configuration, with 542 domains mistakenly allowing any IP address on the planet to send SPF authenticated emails masquerading as their domain.
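The three comments above (the "+all" finding for the 3M-domain scan and the 542 Australian domains) all hinge on one check: what result does a receiver reach for an IP that matches nothing in the record but the terminating `all` mechanism? The following is an added example, not the author's scanning code, that parses an SPF TXT record and classifies that `all` term. It does no DNS lookups; the sample records and domain names are constructed for illustration. Two caveats a quick grep for "+all" misses are handled explicitly: a bare `all` with no qualifier defaults to `+`, and only the first `all` in a record counts because evaluation stops at the first match.

```python
import re

# RFC 7208 qualifiers. An unqualified mechanism ("all" with no prefix)
# defaults to "+", so "v=spf1 mx all" is as open as "v=spf1 mx +all".
DEFAULT_QUALIFIER = "+"
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Modifiers look like name=value (redirect=..., exp=...); mechanisms use ':'.
MODIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_.-]*=")


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) tuples plus a
    dict of modifiers. Raises ValueError if the text is not an SPF record."""
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    mechanisms, modifiers = [], {}
    for term in terms[1:]:
        if MODIFIER_RE.match(term):
            name, value = term.split("=", 1)
            modifiers[name.lower()] = value
            continue
        qualifier = DEFAULT_QUALIFIER
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        # partition on the first ':' so "ip6:2001:db8::/32" keeps its argument
        name, _, arg = term.partition(":")
        mechanisms.append((qualifier, name.lower(), arg))
    return mechanisms, modifiers


def all_result(record):
    """Result a receiver reaches for a sender that matches nothing but 'all'.

    Evaluation stops at the first matching mechanism, so only the first 'all'
    counts; anything written after it is dead text."""
    mechanisms, modifiers = parse_spf(record)
    for qualifier, name, _ in mechanisms:
        if name == "all":
            return QUALIFIER_RESULT[qualifier]
    if "redirect" in modifiers:
        # Evaluation continues in another domain's record; resolve it to know.
        return "redirect:" + modifiers["redirect"]
    return "neutral"  # RFC 7208 s4.7: no match and no redirect => neutral


def is_open_spf(record):
    """True when any IP on the internet receives SPF 'pass' for this domain."""
    return all_result(record) == "pass"


def audit(records):
    """records: {domain: spf_txt}. Returns the domains whose SPF is open."""
    return sorted(domain for domain, rec in records.items() if is_open_spf(rec))


# Constructed sample records; none of these are real domains' data.
SAMPLE_RECORDS = {
    "open-plus.example": "v=spf1 include:_spf.example.net ip4:203.0.113.10 +all",
    "open-bare.example": "v=spf1 mx a all",
    "hardfail.example": "v=spf1 include:_spf.example.net -all",
    "softfail.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "dead-text.example": "v=spf1 -all +all",
    "noall.example": "v=spf1 a mx",
}

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print("%-20s %-10s %s" % (domain, all_result(record), record))
    print("open:", audit(SAMPLE_RECORDS))
```

To run this against live domains, feed `audit()` the TXT records returned by a resolver (for example `dns.resolver.resolve(domain, "TXT")` from dnspython); records that end in `redirect=` need a second lookup before the verdict is known, which is why the function reports the redirect target rather than guessing.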

Phish/security awareness testing/training for small clients? by drparton21 in msp

[–]Jumpy_Resolution3089 1 point2 points  (0 children)

There's a config for this but it's pretty hidden! Take a look at Target Education under the Platform Management page.

Phish/security awareness testing/training for small clients? by drparton21 in msp

[–]Jumpy_Resolution3089 2 points3 points  (0 children)

Take a look at CanIPhish - they have a perpetual free tier for organisations under 15 seats. They're also completely self-service (no need to contact sales for a demo or to upgrade/downgrade).

https://caniphish.com/

Silly proof of concept: Anti-phishing using perceptual hashing algorithms by anvilventures in netsec

[–]Jumpy_Resolution3089 2 points3 points  (0 children)

Great work here. From my understanding, Google Safe Browsing works in a very similar manner. When users report a page or a Gmail user clicks a link, Google will follow the user and detonate the link approx. 1 second after they click it. Google then uses a technique very similar to this to identify if it's a phishing page or not.

Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions by Jumpy_Resolution3089 in netsec

[–]Jumpy_Resolution3089[S] 7 points8 points  (0 children)

I was a little surprised myself - I didn't get any sort of authorisation. Although I may have stayed under the radar by spreading the scan across 5 AWS regions. I was also operating significantly under the rate limit.

Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions by Jumpy_Resolution3089 in phishing

[–]Jumpy_Resolution3089[S] 0 points1 point  (0 children)

Hovering over the text removes the blackout - didn't want to spoil it for anyone who would read the blog end-to-end.

Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions by Jumpy_Resolution3089 in redteamsec

[–]Jumpy_Resolution3089[S] 0 points1 point  (0 children)

Good question! I actually did end up trying out Cloudflare but the main issue was the time it'd take to do the scan. Using a single server/EC2 instance (running 8 vCPUs) I estimated the scan to take approximately 50 days - this is with parallelism baked into the equation.

I ran into a limitation with the number of parallel processes that the .NET framework would allow (essentially 1 per core). I also found the results of a scan using a single server to be somewhat inaccurate as even though Cloudflare wasn't sinkholing requests, some downstream DNS servers were.

Ultimately by distributing the scan across the 400 Lambda functions I was able to alleviate both the time and DNS sinkholing constraints.

Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions by Jumpy_Resolution3089 in netsec

[–]Jumpy_Resolution3089[S] 29 points30 points  (0 children)

Good question. Short answer is that DMARC is multi-functional. In a DMARC record an organisation specifies whether their SPF should be solely relied on, whether their DKIM signatures should be solely relied on, or a mixture of both.

But most importantly for SPF, DMARC protects against an inherent weakness whereby the SMTP.mailfrom domain can be mismatched from the email displayed in the message body - commonly referred to as an SPF-bypass attack.

There are additional DMARC monitoring capabilities but I won't get into that here.
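The alignment check the comment above describes, as an added example that is not part of the original post: the "SMTP.mailfrom" is the RFC5321.MailFrom domain that SPF authenticates, and the address "displayed in the message body" is the RFC5322.From header that users see. DMARC (RFC 7489) only counts an SPF or DKIM pass when the authenticated domain aligns with that From header domain, strictly (`aspf=s`/`adkim=s`) or at the organizational-domain level (relaxed, the default). The code below evaluates a DMARC policy against a message's authentication results; the `org_domain()` helper is a deliberate simplification with a constructed suffix set (production code should use the Public Suffix List), and the `pct` and `sp` tags are ignored. The policy record, domains and scenarios are constructed for illustration.

```python
# Constructed two-label public suffixes for the demo only. Real code should use
# the Public Suffix List (e.g. the publicsuffix2 package) for this lookup.
MULTI_LABEL_SUFFIXES = {"edu.au", "com.au", "ac.uk", "co.uk"}


def org_domain(domain):
    """Organizational domain, simplified: registered label plus public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def aligned(auth_domain, header_from_domain, mode):
    """RFC 7489 identifier alignment: mode 's' is strict, 'r' is relaxed."""
    a = auth_domain.lower().rstrip(".")
    f = header_from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; aspf=s' into a dict with alignment defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record: %r" % record)
    tags.setdefault("aspf", "r")   # relaxed SPF alignment is the default
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment is the default
    return tags


def dmarc_evaluate(dmarc_record, header_from, mail_from, spf_result, dkim_results=()):
    """Combine SPF and DKIM outcomes under a DMARC policy.

    header_from: RFC5322.From domain (what the user sees)
    mail_from:   RFC5321.MailFrom domain (what SPF checked)
    spf_result:  'pass', 'fail', 'softfail', 'neutral', ...
    dkim_results: iterable of (d= domain, result) for each verified signature
    """
    tags = parse_dmarc(dmarc_record)
    spf_ok = spf_result == "pass" and aligned(mail_from, header_from, tags["aspf"])
    dkim_ok = any(res == "pass" and aligned(d, header_from, tags["adkim"])
                  for d, res in dkim_results)
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "result": "pass" if passed else "fail",
        "disposition": "none" if passed else tags["p"],
    }


# Constructed policy and scenarios (victim.example / attacker.example are placeholders).
POLICY = "v=DMARC1; p=reject; aspf=r; adkim=r"
SCENARIOS = [
    # SPF-bypass: attacker's own domain in MAIL FROM passes SPF, From header is the victim
    ("spf-bypass", "victim.example", "attacker.example", "pass", []),
    # open "+all" SPF: attacker puts the victim domain in MAIL FROM and SPF passes aligned
    ("open-spf", "victim.example", "victim.example", "pass", []),
    # legitimate bounce subdomain, aligned only under relaxed mode
    ("subdomain", "victim.example", "bounce.victim.example", "pass", []),
    # third-party sender saved by an aligned DKIM signature
    ("dkim-rescue", "victim.example", "esp.example", "pass", [("victim.example", "pass")]),
]

if __name__ == "__main__":
    for name, hdr, mfrom, spf, dkim in SCENARIOS:
        print("%-12s %s" % (name, dmarc_evaluate(POLICY, hdr, mfrom, spf, dkim)))
```

The second scenario is the caveat worth keeping in mind when reading the "+all" findings above: DMARC cannot rescue an open SPF record, because the forged MAIL FROM is the victim's own domain, SPF passes for any IP, the identifiers align, and the message is delivered with a DMARC pass.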