Primal Security Podcast

PrimalSec Podcast Ep. 22: Phishers Paradise

Information:

Synopsis

News Items:

- Bug Bounty via HackerOne for Pornhub
- Blind XSS on GoDaddy Support Submission
- ImageTragick HTML PoC + Exploit PoC
- Cybrary Session Wednesday: How to Break Into A Company From the Internet Pt.1
- PwnedList got Pwned
- Facebook CTF platform
- Verizon 2016 DBIR released... And it is a source of controversy
- Ransomware on the House of Reps has increased dramatically, resulting in the blocking of Yahoo Mail
- List of Panama Papers Officials released

Technical Segment: Email Spoofing and Phishing

Highlight: If a company is using Google Apps for Work and has not set up SPF/DKIM/DMARC, their domain can be leveraged to spoof emails... very reliably.

Surprise, surprise, people click links! Do you even need to be crafty? No, probably not, but let's discuss some ways anyhow.

You can spoof emails - it can happen:

- Great write-up from Cobalt Strike. If you are new to email spoofing you should really read this article.
- Telnet to the mail server, and attempt to manually craft the email. This works in default co