Reagan Short is a Technical Director on the Operations Innovation team for Managed Security Services at BlueVoyant. He primarily works alongside SOC, detection content, threat intel, and platform engineering teams to build and refine technologies and processes. Working with queries, graphs, pivot tables, mind maps, and diagrams, he enjoys applying innovation to detect, analyze, and mitigate evil at scale.
We’ll demonstrate a few practical approaches to exploiting human misunderstanding as a result of homophones to passively collect sensitive information, along with some redacted real-world examples. Domains registered for soundsquatting purposes are likely to be missed by typosquatting detection tools like DNSTwist. We will release defensive and detection mechanisms to help find vulnerable use cases within registered domains, language packaging pipelines, and social media handles.