37C3 - SMTP Smuggling – Spoofing E-Mails Worldwide

Description:

https://media.ccc.de/v/37c3-11782-smtp_smuggling_spoofing_e-mails_worldwide

Introducing a novel technique for e-mail spoofing.

SMTP, the Simple Mail Transfer Protocol, has enabled e-mail since 1982. This easily makes it one of the oldest technologies on the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling!
In this talk, we’ll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to Fortune 500 companies – while still passing SPF checks – will be the least of our problems!
From identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we’ll dive into all the little details this attack has to offer. Therefore, in this talk, we’ll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!

Timo Longin

https://events.ccc.de/congress/2023/hub/event/smtp_smuggling_spoofing_e-mails_worldwide/

#37c3 #Security

Video Language:
English
Duration:
31:40
http://www.youtube.com/watch?v=V8KPV96g1To
http://www.youtube.com/watch?v=hV_UYR-3rXk
This video is part of Amara Public.
