OCR for QR Codes

In the last couple of years, email gateways have been rolling out QR code detections to combat phishing links, but I think they’re giving themselves a bit too much praise.

Without knowing exactly how the sausage is made, these detections work by…

  1. finding all images in an email
  2. performing OCR on the images to detect the visual QR code pattern
  3. reading the QR code URL/data and determining its reputation

This is a great capability and I don’t want to undermine the work they’ve done, but simple bypasses already exist.

The biggest limitation in the way these detections work is that they only scan image files individually. By splitting a QR code into multiple images or by not using images at all, you can ensure the QR code pattern is never recognized by OCR.

The Evolution of QR Code Phishing: ASCII-Based QR Codes (CheckPoint)

CheckPoint has a great article on text-based bypasses and I have seen real world examples of ASCII QR codes used in phishing.

Another basic example I explored is splitting a QR code into multiple images and then realigning them with table formatting in an email - it works… and I’m sure there are infinite variations.

qr-quarters/poc.py

<!--- python poc.py https://wtfender.com 5 --->

<table style="border: none; border-spacing: 0px;">
    <tr>
        <td><img src="data:image/jpeg;base64,..."></td>
        <td><img src="data:image/jpeg;base64,..."></td>
    </tr>
    <tr>
        <td><img src="data:image/jpeg;base64,..."></td>
        <td><img src="data:image/jpeg;base64,..."></td>
    </tr>
</table>

Doom (ft. gloom)

These bypasses are great examples of security whack-a-mole and knowing what to react to.

Here’s a cheat sheet:

  • (easy mode) Small/medium business -
    Just inform folks… it’s cybersecurity awareness month, right?

  • (hard mode) Enterprise edition -
    See easy mode. Maybe write regex for ASCII QR codes and crazy image data URIs in your email inspection tool.

  • (nightmare) Email gateway providers -
    The only way to reliably catch all the cheesy permutations is to run OCR over the entire email formatted as an image in the way it’s visually displayed to the user. Pretend your OCR engine is a person pointing an iPhone camera at their monitor.
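
A sketch of the "hard mode" inspection rules from the cheat sheet, as an added example (not code from this post or from any gateway product): it flags a table holding several inline data-URI images and a run of lines dense with block characters. The function names, the thresholds, and the use of Unicode block elements as the text-QR alphabet are assumptions; the sample inputs are constructed.

```python
import html
import re
from html.parser import HTMLParser

# Unicode block elements (U+2580-U+259F); assumed alphabet for text-drawn QR codes
BLOCK_CHARS = re.compile(r"[\u2580-\u259F]")

class TileGridParser(HTMLParser):
    """Counts inline data-URI images inside each <table>."""
    def __init__(self):
        super().__init__()
        self.open_tables = []   # one image counter per currently open <table>
        self.grids = []         # final counts for closed tables

    def handle_starttag(self, tag, attrs):
        if tag == "table":
            self.open_tables.append(0)
        elif tag == "img" and self.open_tables:
            src = (dict(attrs).get("src") or "").strip().lower()
            if src.startswith("data:image/"):
                self.open_tables[-1] += 1

    def handle_endtag(self, tag):
        if tag == "table" and self.open_tables:
            self.grids.append(self.open_tables.pop())

def ascii_qr_suspect(text, min_rows=10, min_blocks=15):
    """True if min_rows consecutive lines each hold min_blocks block characters."""
    run = 0
    for line in text.splitlines():
        run = run + 1 if len(BLOCK_CHARS.findall(line)) >= min_blocks else 0
        if run >= min_rows:
            return True
    return False

def inspect_html(body, min_tiles=4):
    """Return heuristic findings for one HTML email body (thresholds are assumptions)."""
    parser = TileGridParser()
    parser.feed(body)
    parser.close()
    findings = []
    # Include tables left unclosed by malformed markup
    if any(n >= min_tiles for n in parser.grids + parser.open_tables):
        findings.append("tiled-data-uri-images")
    # Decode entities first so &#9608;-style block characters are counted too
    if ascii_qr_suspect(html.unescape(body)):
        findings.append("ascii-qr-block")
    return findings

# Constructed samples (tiny fake payloads, not real images)
TILE = '<td><img src="data:image/jpeg;base64,AAAA"></td>'
SPLIT_QR_HTML = f"<table><tr>{TILE}{TILE}</tr><tr>{TILE}{TILE}</tr></table>"
BENIGN_HTML = '<table><tr><td><img src="https://example.com/logo.png"></td></tr></table>'
ASCII_QR_TEXT = "\n".join("█▀ ▄" * 6 for _ in range(12))
```

Both checks are heuristics over markup; the rendered-email approach in the last bullet is what covers the layouts they miss.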