Caleb Crable currently works as a Senior Staff Security Engineer on the Bill.com Red Team, performing attacks against critical financial infrastructure and physical security controls to make sure that red team gets the foothold before the attacker does. Previous to performing official red team work, penetration testing and red team consulting were the name of the game. Caleb spent over 3 years consulting with Cylance Professional Services on a variety of different security engagements at companies in every sector of modern business. Before his consulting journey started, Caleb was a Senior Malware Analyst at Cylance conducting deep-level file inspection, analysis, incident reconstruction, and taking part in special projects such as research associate for the whitepaper “Influence Sketching: Finding Influential Samples In Large-Scale Regressions”
SPF Shadowing: Give old services a chance to shine (<– add to your schedule)
In a world where Sender Policy Framework is meant to provide a first or second line of defense against impersonation and phishing, we instead find ourselves barely paying attention to it. Even after the MailChannels vulnerability was disclosed and thousands of companies found they could be impersonated via email through a service they paid thousands of dollars for, word really didn’t spread like it should have. Many domains are set and forget, from personal domains to fortune 500s, and I am going to take you on a journey where we use the forgotten for fun and profit.