For the last couple of months Ramin Yazdani has been looking into phishing domains that use Unicode characters to look like the target domain. In the process he developed a new ‘confusables’ table of Unicode characters which can easily be mistaken for their ASCII counterparts. The table is based on the ‘Unicode Confusables list’ and the ‘Unicode Similarity List’.
Last week was the FIRST conference in Edinburgh, where TIDE presented a talk on “Proactive Threat Detection”. The idea we presented at FIRST was that, since a proactive approach works well in the field of DNS, we need to expand on proactive detection of threats. It fit well with the theme of the conference, Defending the Castle. Through proactive threat detection, defenders are able to mount a defense against upcoming attacks rather than getting notified when the castle is already on…
Below are the regular expressions we have used to categorize TXT records in the paper “On the Pitfalls of Finding Security Issues in DNS TXT Records”. This paper is currently under submission.