Content provided by Proofpoint. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Proofpoint or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Direct Send Exploitation & URL Rewrite Attacks: What Security Teams Must Know

43:05
 

Send us fan mail!

Hello to all our Cyber Squirrels! In this extra-packed episode of Discarded, host Selena Larson welcomes Proofpoint Principal Research Engineer Jason Ford for his first appearance on the show. Together, they dive into two resurging email attack techniques—Microsoft 365 Direct Send abuse and URL rewrite abuse—and why defending against them requires more than just traditional email security.

Jason explains what Direct Send is, why attackers exploit this legacy feature, and how it enables phishing campaigns that appear to originate from inside an organization. From QR code phishing kits to “to-do list” themed lures, Selena and Jason break down attack chains, share real-world examples, and highlight the red flags that indicate exploitation. They also explore how adversaries weaponize URL rewrites in redirect chains to deliver malware and credential phishing.

We also unpack:

  • How Direct Send works under the hood and why legacy features are a prime target

  • Common signs in email headers that reveal Direct Send abuse

  • The role of URL rewrites in modern phishing campaigns

  • Why credential phishing has overtaken malware as the go-to tactic

  • Practical steps organizations can take—including when it makes sense to disable Direct Send

  • The importance of layered defenses, user education, and risk awareness across SaaS apps

  • Predictions on which “old school” techniques might resurface next

This episode offers a clear, actionable look at how threat actors adapt and why everything old in cybercrime eventually becomes new again.

Resources Mentioned:

https://www.proofpoint.com/us/blog/email-and-cloud-threats/attackers-abuse-m365-for-internal-phishing

http://www.jasonsford.com

https://github.com/jasonsford/directsendanalyzer

For more information about Proofpoint, check out our website.

Subscribe & Follow:

Stay ahead of emerging threats, and subscribe! Happy hunting!



88 episodes
