Splunk [Enterprise Security] 2019 .conf Videos w/ Slides

Using Splunk and DNS to detect that your domains are being abused for phishing [Splunk Enterprise, Splunk Enterprise Security]


As a high-profile public-sector organization, the Dutch Tax and Customs Administration deals every day with criminals who claim to be representatives of the organization and contact the public with phishing e-mails. By using Splunk and RFCs such as RFC 7208, Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, we have developed a technique to identify phishing attacks that are carried out under the guise of the Dutch Tax and Customs Administration. This technique is universally applicable. A precondition is access to DNS logging. The technique gives insight into where the phishing e-mails are sent from and to whom they are sent. In this talk we will start by explaining which standards are available to increase e-mail security and how we have built an app in Splunk, including a dashboard and a wizard to create the necessary DNS records, to gain insight into the abuse of our domains.

Speaker(s)
Karl Lovink, Lead Security Operations Center, Dutch Tax and Customs Administration
Arnold Holzel, Senior Security Consultant, SMT

Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1106.pdf?podcast=1577146235

By Splunk