Email Archives - Jean-Christoph von Oertzen

Webinar takeaway – MailFail – Who’s Spoofing Your Email and How Are They Doing It?

jean-christoph — Thu, 27 Jun 2024 18:22:15 +0000

My key takeaways SPF ensures that the SMTP FROM domain explicitly allows the connecting IP address. SPF does NOT ensure that the email address seen by the user is the one which was checked. the existance of SMTP FROM and the From field is a vulnarability: SPF checks SMTP FROM but most mail clients show […]

The post Webinar takeaway – MailFail – Who’s Spoofing Your Email and How Are They Doing It? appeared first on Jean-Christoph von Oertzen.

Webinar takeaway – How to Detect and Respond to Business Email (M365) Compromise

jean-christoph — Thu, 24 Feb 2022 19:18:55 +0000

My key takeaways BEC external-to-internal passes all technical security measures like SPF, DKIM and DMARC BEC internal-to-internal bypasses anti-spam solutions Get comfy with PowerShell to interact with M365 since Jan 2019 MS enabled mailbox auditing for Exchange Online CrowdStrike Reporting Tool also reviews excessive permissions in Azure AD If you are suspiscous to have a […]

The post Webinar takeaway – How to Detect and Respond to Business Email (M365) Compromise appeared first on Jean-Christoph von Oertzen.

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox

jean-christoph — Thu, 15 Jul 2021 19:10:52 +0000

My key takeaways DMARC uses SPF and/or DKIM In 2021 the National Defense Authorization Act says the Department of Homeland Security (DHS) must implement DMARC US wide there exists an RFC for "email from" SPF = receiving email server checks MAIL FROM address or the domain’s IP address in the HELO handshake against the sender’s […]

The post Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: Roger Grimes Teaches You Phishing Mitigation

jean-christoph — Wed, 12 May 2021 19:00:36 +0000

My key takeaways ~40 threats/day in 2020 to take care of top 3 initial breach root causes social engineering unpatched software (>90% Java) medium threat general mitigations policies tech. defenses security awareness training Also educate your vendors about your AUP include a phishing mitigation section in your AUP paying everybody $1000/year who doesn’t fall for […]

The post Webinar Takeaway: Roger Grimes Teaches You Phishing Mitigation appeared first on Jean-Christoph von Oertzen.

Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s

jean-christoph — Thu, 01 Apr 2021 18:17:02 +0000

My key takeaways Automation tools like Ansilble, terraform and docker can also create a evil environment eg for phishing Don’t put sensible tokens or passwords in ainsible config files but use a cloud password manager and pull the pass as variable into ainsible Best of phishing themes: give away 2 iPhones or check a link […]

The post Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s appeared first on Jean-Christoph von Oertzen.

3 more ideas which might impact email marketing in 2021

jean-christoph — Mon, 28 Dec 2020 12:06:48 +0000

Jordie van Rijn wrote an article very inspiring to me, in which he aggregated different aspects and trends of what shaped email marketing automation in 2020 and what might have an impact in 2021. I would like to add 3 more ideas which might impact email marketing in 2021. TL;DR Phishing is black hat email […]

The post 3 more ideas which might impact email marketing in 2021 appeared first on Jean-Christoph von Oertzen.