Sebastian Salla (@sebsalla)'s Twitter Profile

Founder & CEO at CanIPhish.com • Cloud Security Architect at Palo Alto Networks • Finding ways to sneak into your Inbox

ID: 941079512007110656

Link: https://caniphish.com
Date: 13-12-2017 22:56:54

14 Tweets

94 Followers

29 Following

Tavis Ormandy (@taviso)

I finally wrote a small tool I've wanted for a long time: A parallel testcase minimizer. It's called halfempty, and I'm already finding it useful as part of my fuzzing workflow. /cc lcamtuf github.com/googleprojectz…

Tim Medin @timmedin.bsky.social 🇺🇦 (@timmedin)

What a brilliant idea! Phishious provides the ability to see how various Secure Email Gateway technologies behave when presented with phishing material. github.com/Rices/Phishious

Have I Been Pwned (@haveibeenpwned)

New breach: Online booking service FlexBooker had 3.7M accounts breached last month. Data included email addresses, names, phone numbers and for some accounts, partial credit card data. 69% were already in Have I Been Pwned haveibeenpwned.com

Sebastian Salla (@sebsalla)

Over the past month I've been researching IP-takeover vulnerabilities specific to email sender supply chains. After some initial testing I decided to scan 1.8 Million Australian domains... and found some pretty interesting results. Check out the blog! caniphish.com/phishing-resou…

Sebastian Salla (@sebsalla)

I learnt something new just now. If you want the #privacy protection of DuckDuckGo but your search results from #Google then just prepend "!Google" to your DuckDuckGo search. Et voila, your google search gets laundered and your privacy remains respected.

Sebastian Salla (@sebsalla)

Maintaining control over all the IPs in your SPF record is crucial to ensuring you're not vulnerable to IP takeover attacks!

Sebastian Salla (@sebsalla)

Check out our latest blog post! After scanning 1.7 million Australian domains we found 1.62 million SPF and DMARC security issues. 542 domains were misconfigured to such an extent that any public IP address could send SPF authenticated emails as them! caniphish.com/phishing-resou…

Sebastian Salla (@sebsalla)

Next week I'll be presenting two talks at two conferences! If you're at the AWS Public Sector Summit in Canberra or CrikeyCon in Brisbane, please come by and say hello!
AWS Public Sector Summit Talk: Cloud-focused security for speed and scale
CrikeyCon Talk: The Art of Phishing

Sebastian Salla (@sebsalla)

In my latest security research I found that due to severe misconfigurations, I was able to deliver SPF authenticated emails on behalf of the Ukrainian MoD, MIT and 1000+ others. caniphish.com/phishing-resou…