Forgotten DNS Records Enable Cybercrime
Authors: Jacques Portal, Renée Burton Hazy Hawk is a DNS-savvy threat actor that hijacks abandoned cloud resources of high-profile organizations. By “cloud resources†we mean things like S3 buckets and Azure endpoints. You might have read about domain hijacking; we and other security vendors have written about different techniques for grabbing control of forgotten domain names several times over t
Who Knew? Domain Hijacking is So Easy | Infoblox
Researchers at Infoblox and Eclypsium have discovered that a powerful attack vector in the domain name system (DNS) is being widely exploited across many DNS providers. We have found that over a dozen Russian-nexus cybercriminal actors are using this attack vector to hijack domain names without being noticed. We call this the Sitting Ducks attack. There are over a million exploitable target domain
Building a Recursive DNS Resolver
When you type something like “google.com†into your browser and hit enter, your device must query a known recursive resolver to find google.com’s IP address. Recursive resolvers are provided by most ISPs, but resolvers like 1.1.1.1 or 8.8.8.8 exist as well. You can query a resolver manually using something like dig or dog: ⯠dig @1.1.1.1 news.ycombinator.com ; <<>> DiG 9.18.4-2-Debian <<>> @1.1.1.
Let’s Encryptã§ãƒ¯ã‚¤ãƒ«ãƒ‰ã‚«ãƒ¼ãƒ‰è¨¼æ˜Žæ›¸ã‚’å–å¾—ã™ã‚‹è©± | IIJ Engineers Blog
ã¯ã˜ã‚ã« SoftwareDesign 8月å·ã®DNS特集ã«ã¦è¨˜äº‹ã‚’書ã‹ã›ã¦ã„ãŸã ãã¾ã—ãŸã€‚ã¿ã‚“ãªè²·ã£ã¦ã。 ã§ã€å®Ÿã¯æœ€åˆã«æ›¸ã„ã¦ãŸåŽŸç¨¿ã¯ã‚‚ã£ã¨é•·ã‹ã£ãŸã‚“ã§ã™ã‘ã©ã€ç´™å¹…ã®éƒ½åˆã§ä¸€éƒ¨ã®å†…容ã«ã¤ã„ã¦ã¯æŽ²è¼‰ã‚’見é€ã‚Šã¾ã—ãŸã€‚ã›ã£ã‹ã書ã„ãŸã®ã«æ¨ã¦ã‚‹ã®ã¯ã‚‚ã£ãŸã„ãªã„ã®ã§ã€å…ˆæ—¥ãŠã“ãªã‚ã‚ŒãŸDNS Summer Day 2022ã§ç™ºè¡¨ã—よã†ã‹ã¨æº–å‚™ã—ã¦ãŸã‚“ã§ã™ãŒã€é€”ä¸ã§æ°—ãŒå¤‰ã‚ã£ã¦é•ã†å†…容ã«ãªã‚Šã¾ã—ãŸã€‚ãã‚“ãªã‚ã‘ã§ã€æœ€çµ‚çš„ã«ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒ–ãƒã‚°ã«ã¦ä¾›é¤Šã—ã¾ã™ã€‚åŠ ç†ä¿®æ£ã—ã¾ãã£ã¦ã„ã‚‹ã®ã§å…ƒã®åŽŸç¨¿ã®æ°—é…ã¯ã‚‚ã¯ã‚„残り香程度ã«æ¼‚ã†ã ã‘ã§ã™ãŒã€‚ ACMEã§dns-01ãƒãƒ£ãƒ¬ãƒ³ã‚¸ サーãƒè¨¼æ˜Žæ›¸ã‚’ç„¡æ–™ã‹ã¤è‡ªå‹•ã§å–å¾—ã§ãるサービスã¨ã—ã¦æœ‰åãªã‚‚ã®ã«Let’s EncryptãŒã‚ã‚Šã¾ã™ãŒã€Let’s Encryptã®ä»•çµ„ã¿ã¯Let’s Encrypt独自ã®ã‚‚ã®ã§ã¯ã‚ã‚Šã¾ã›ã‚“。ACME (RFC8555)ã¨ã—ã¦æ¨™æº–化ã•ã‚Œã¦ã„ã¦
[IT 管ç†è€…å‘ã‘] DNS レコードを管ç†ã—ã¦ã‚µãƒ–ドメイン テイクオーãƒãƒ¼ã‚’防ã | MSRC Blog | Microsoft Security Response Center
ã¿ãªã•ã‚“ã¯ã€ã€Œã‚µãƒ–ドメイン テイクオーãƒãƒ¼ã€ã¨ã„ã†ã‚»ã‚ュリティã®å•é¡Œã‚’ã”å˜ã˜ã§ã™ã‹? サブドメイン テイクオーãƒãƒ¼ã¯ã€ä»¥å‰ã‹ã‚‰å˜åœ¨ã™ã‚‹ä¸€èˆ¬çš„ãªã‚»ã‚ュリティã®å•é¡Œã§ã™ãŒã€ã‚¯ãƒ©ã‚¦ãƒ‰ サービスã®åˆ©ç”¨å¢—åŠ ã«ä¼´ã„ã€ç‰¹ã«æ³¨æ„ãŒå¿…è¦ã«ãªã£ã¦ã„ã¾ã™ã€‚マイクãƒã‚½ãƒ•ãƒˆã®ã‚µãƒ¼ãƒ“スã ã‘ã«ç™ºç”Ÿã™ã‚‹å•é¡Œã§ã¯ã‚ã‚Šã¾ã›ã‚“ãŒã€Microsoft Azure を例ã«æŒ™ã’ãªãŒã‚‰ã€ã‚µãƒ–ドメイン テイクオーãƒãƒ¼ã®æ¦‚è¦ã€ç™ºç”ŸåŽŸå› ã¨å¯¾ç–ã«ã¤ã„ã¦è§£èª¬ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ [1] サブドメイン テイクオーãƒãƒ¼ã¨ã¯ï¼Ÿ サブドメイン テイクオーãƒãƒ¼ (Subdomain Takeover) ã¯ã€DNS レコードã®ä¸é©åˆ‡ãªç®¡ç†ãŒè¦å› ã¨ãªã£ã¦ç™ºç”Ÿã™ã‚‹ã‚»ã‚ュリティã®å•é¡Œã§ã™ã€‚例ãˆã° CDN (Content Delivery Network) サービスãªã©ã®å¤–部ã®ã‚µãƒ¼ãƒ“スを利用ã™ã‚‹éš›ã€è‡ªçµ„ç¹”ãŒç®¡ç†ã™ã‚‹ãƒ‰ãƒ¡ã‚¤ãƒ³ã‚„サブドメインを外部ã®ã‚µãƒ¼ãƒ“スã«åå‰è§£æ±ºã™
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
IP.THC.ORG - Reverse-DNS, Subdomain and CNAME Lookups
GitHub - ifconfig-me/subowner: SubOwner - A Simple tool check for subdomain takeovers.
DNS Takeover Explained: Protect Your Online Domain | Trickest
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!
GitHub - webanalyzer/rules: 通用的指纹识别规则
Salesforce Lightning - An in-depth look at exploitation vectors for the everyday community — Enumerated
http://www.e-ontap.com/blog/?date=202203
http://www.e-ontap.com/dns/csec87/
国内を標的ã¨ã—㟠銀行フィッシングè©æ¬ºã®åˆ†æž
GitHub - PushpenderIndia/subdover: Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
GitHub - geraldino2/subtakeoverplusplus: subtakeover++ is a complete subdomain takeover scanner, that checks second-order vulnerabilities, CNAME, MX and NS records.
GitHub - cisagov/findcdn: findCDN is a tool created to help accurately identify what CDN a domain is using.
https://tomnomnom.com/talks/bug-bounties-with-bash-virsec.pdf
Azure-Network-Security/Cross Product/DNS - Find Dangling DNS Records at master · Azure/Azure-Network-Security
DNS Services - Nominet
{{#tags}}- {{label}}
{{/tags}}