Caleb Sargent
Caleb is a seasoned cybersecurity professional, boasting over 9 years of experience in threat emulation. He specializes in various areas, including red teaming, purple teaming, penetration testing, and physical security assessments. Previously a consultant at Optiv where he obtained the OSCP, and currently serving as an Offensive Security Engineer at PayPal, Caleb orchestrates and executes red team engagements by focusing on enhancing security effectiveness through purple team engagements within both cloud and internal networks. Caleb demonstrates his ability to identify vulnerabilities and mitigate risks through active participation in bug bounty programs on platforms like HackerOne and PayPal, contributing as both a researcher and in supportive roles. Additionally, he has refined his skills through endpoint detection and response testing, further enhancing his expertise in cybersecurity.
Session
Email spoofing attacks are rapidly evolving, becoming increasingly sophisticated and alarmingly effective at circumventing established security standards. This presentation introduces several groundbreaking email spoofing techniques that exploit DKIM and DMARC implementation flaws, enabling attackers to disseminate convincing phishing emails on a massive scale from highly reputable enterprise domains.
We will also provide a detailed examination of several advanced and frequently overlooked spoofing patterns uncovered through recent research. These attack methods are actively targeting Fortune 500 companies and government agencies, highlighting critical vulnerabilities across essential sectors. Despite existing documentation and defensive measures, attackers continue to exploit these vulnerabilities extensively, underscoring significant gaps in current security frameworks.
Participants attending this session will gain practical, actionable insights and advanced defensive strategies tailored to detecting, mitigating, and proactively defending against these sophisticated email spoofing attacks. Enhancing awareness and adopting the demonstrated mitigation approaches will significantly bolster organizational resilience against evolving phishing threats.