A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers
A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers IntroductionLet's start with this: A DNS takeover is not the same as a subdomain takeover. Subdomain takeovers are old news. Hackers who caught onto them early made busloads of bounties by automating their detection and exploitation. They're still out there, but competition is fierce. Crafty hackers built bots that detect an
Amazon EC2 ã«ãŠã‘ã‚‹ã‚»ã‚ュリティ(脆弱性)事例 - blog of morioka12
1. 始ã‚ã« ã“ã‚“ã«ã¡ã¯ã€morioka12 ã§ã™ã€‚ 本稿ã§ã¯ã€Amazon EC2 上ã§å‹•ã Web アプリケーションã®è„†å¼±æ€§ã«ã‚ˆã£ã¦è„†å¼±æ€§æ”»æ’ƒãŒå¯èƒ½ã ã£ãŸå®Ÿéš›ã®äº‹ä¾‹ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚ 1. 始ã‚ã« 2. Amazon EC2 ã«ãŠã‘ã‚‹ã‚»ã‚ュリティリスク Amazon EBS 被害ãŒã‚ã£ãŸå…¬é–‹äº‹ä¾‹ 3. Amazon EC2 ã§èµ·ã“ã‚Šã†ã‚‹è„†å¼±æ€§æ”»æ’ƒ SSRF ãŒå¯èƒ½ãªè„†å¼±æ€§ SSRF ã«ãŠã‘る回é¿æ–¹æ³• 4. Amazon EC2 ã®è„†å¼±ãªå ±å‘Šäº‹ä¾‹ ç”»åƒèªã¿è¾¼ã¿æ©Ÿèƒ½ã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®ä¸æ£å…¥æ‰‹ãŒå¯èƒ½ SAML アプリケーションã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®ä¸æ£å…¥æ‰‹ãŒå¯èƒ½ Webhook 機能ã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡ãƒ³ã‚·ãƒ£ãƒ«ã®ä¸æ£å…¥æ‰‹ãŒå¯èƒ½ Webhook 機能ã«æ½œã‚€ SSRF を悪用ã—㟠EC2 ã®ã‚¯ãƒ¬ãƒ‡
Hatalı Yapılandırılmış AWS S3 Bucket Ãœzerinde Bulunan Güvenlik Açığının Yarattığı Etkiler を訳ã—ã¦ã¿ãŸ - Shikata Ga Nai
Hello there, ('ω')ノ AWS S3 ãƒã‚±ãƒƒãƒˆã®è¨å®šãƒŸã‚¹ã«ã‚ˆã‚‹è„†å¼±æ€§ã§æƒ…å ±æ¼ãˆã„ã¨ã‚µãƒ–ドメインã®ä¹—ã£å–りを。 脆弱性: AWS ã®è¨å®šãƒŸã‚¹ 記事: https://medium.com/@gguzelkokar.mdbf15/hatal%C4%B1-yap%C4%B1land%C4%B1r%C4%B1lm%C4%B1%C5%9F-aws-s3-bucket-%C3%BCzerinde-bulunan-g%C3%BCvenlik-a%C3%A7%C4%B1%C4%9F%C4%B1n%C4%B1n-yaratt%C4%B1%C4%9F%C4%B1-etkiler-cb073179360d 今回ã¯ã€HackerOne プラットフォームã«æŽ¥ç¶šã•ã‚Œã¦ã„ã‚‹æ°‘é–“ä¼æ¥ã§ã€‚ 発見ã—ãŸã‚»ã‚ュリティã®è„†å¼±æ€§ã«ã¤ã„ã¦ã€‚ ã¾ãšã¯ã€æ”»æ’ƒå´ã¨é˜²å¾¡å´ã®ä¸¡æ–¹ã‚’調ã¹ã¦ã€‚ 会社åã‚’ XYZ ã¨ã™ã‚‹ã¨ã€‚ 1.発見
Route53ã®Aレコードã§æ‰€æœ‰ã—ã¦ã„ãªã„EIPã€ãƒ‘ブリックIPãŒè¨å®šã•ã‚Œã¦ã„ãªã„ã‹ã€ŒGhostbusterã€ã‚’使ã£ã¦æŠŠæ¡ã—ã¦ã¿ãŸ | DevelopersIO
Route53ã®Aレコードã§æ‰€æœ‰ã—ã¦ã„ãªã„EIPã€ãƒ‘ブリックIPãŒè¨å®šã•ã‚Œã¦ã„ãªã„ã‹ã€ŒGhostbusterã€ã‚’使ã£ã¦æŠŠæ¡ã—ã¦ã¿ãŸ ã“ã‚“ã«ã¡ã¯ã€ã‚³ãƒ³ã‚µãƒ«éƒ¨ï¼ 大阪オフィスã®Todaã§ã™ã€‚ Route53ã¨EC2を利用ã™ã‚‹ä¸ã§Elastic IP(EIP)やパブリックIPã‚’Aレコードã«è¨å®šã—ã¦ã€ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ç ´æ£„ã€EIP解放時ã«æ¶ˆã—忘れãŸã¨ã„ã†ã”経験ã¯ã‚ã‚Šã¾ã›ã‚“ã§ã—ょã†ã‹ï¼Ÿ 消ã—忘れãŸAレコードã¯æ‚ªæ„ã®ã‚るユーザã«IPã‚’å†å–å¾—ã•ã‚Œã¦ã‚µãƒ–ドメイン乗ã£å–ã‚Šã«ã¤ãªãŒã‚‹å ´åˆãŒã”ã–ã„ã¾ã™ã€‚ 今回ã¯Route53ã®Aレコードã§ã€æ‰€æœ‰ã—ã¦ã„ãªã„EIPã€ãƒ‘ブリックIPãŒè¨å®šã•ã‚Œã¦ã„ãªã„ã‹ã‚’ Ghostbusterã¨ã„ã†ãƒ„ールを利用ã—ã¦ç¢ºèªã—ã¦ã¿ã¾ã—ãŸã€‚ â– Github assetnote / ghostbuster https://github.com/assetnote/ghostbuster Route5
アセットã®ä¸æ£å…¬é–‹é˜²æ¢ã¨ä¿®å¾© | Mandiant
最新ã®ãƒ¬ãƒãƒ¼ãƒˆã€ŒDefender's Advantage:防御å´ã®å„ªä½æ€§ - サイãƒãƒ¼ãƒ»ã‚¹ãƒŠãƒƒãƒ—ショットã€ã®è¨˜äº‹ã€Œã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã«æŽ¥ç¶šã•ã‚Œã¦ã„る一般的ãªã‚¨ã‚¯ã‚¹ãƒ—ãƒã‚¤ãƒˆçµŒè·¯ã‚’検知ã™ã‚‹ã€ã«ãŠã„ã¦ã€Mandiantã¯æ”»æ’ƒã®çµŒè·¯ã¨ãªã‚Šå¾—るインターãƒãƒƒãƒˆä¸Šã§ä¸æ£ã«å…¬é–‹ã•ã‚Œã¦ã„るパスを特定ã—ã¾ã—ãŸã€‚ã“ã®ãƒ–ãƒã‚°ã§ã¯ã€å¤–部資産ã®ã‚»ã‚ュリティ強化ã«é–¢ã™ã‚‹Mandiantã®æŽ¨å¥¨äº‹é …ã‚’ã¾ã¨ã‚ã¦ã„ã¾ã™ã€‚ 図1: Mandiant Advantage Attack Surface Managementã«ã‚ˆã‚Šè¦³å¯Ÿã•ã‚ŒãŸå•é¡Œãƒˆãƒƒãƒ—5(2022å¹´1月1日~2022å¹´3月31日)外部アセットã®æŽ¢ç´¢ã€ãƒªã‚¹ãƒˆã‚¢ãƒƒãƒ—ã€ä¸æ£å…¬é–‹ã®æ¤œçŸ¥Â   攻撃者ã¯ã€è„†å¼±ãªå¤–部アセットや è¨å®šãƒŸã‚¹ã‚’エントリãƒã‚¤ãƒ³ãƒˆï¼ˆåˆæœŸä¾µå…¥ãƒ™ã‚¯ã‚¿ãƒ¼ï¼‰ã¨ã—ã¦åˆ©ç”¨ã—ã€åµå¯Ÿã€æ°´å¹³å±•é–‹ã€ã‚¢ã‚¯ã‚»ã‚¹ã®ç¶æŒã‚’図りã€ãƒŸãƒƒã‚·ãƒ§ãƒ³ã‚’é”æˆã—よã†ã¨ã—ã¾ã™ã€‚外部アセットを悪用ã™ã‚‹æœ€åˆã®ä¾µ
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
GitHub - ifconfig-me/subowner: SubOwner - A Simple tool check for subdomain takeovers.
DNS Takeover Explained: Protect Your Online Domain | Trickest
GitHub - umutcamliyurt/Subhunter: A fast subdomain takeover tool
GitHub - dub-flow/subsnipe: SubSnipe is a tool designed to help find subdomains that are vulnerable to takeover.
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!
$3K Bounty For Elastic-Search Takeover
GitHub - hash3liZer/Subrake: 🚀 A DNS automated scanner and tool ðŸ–±ï¸ (Zone Transfer, DNS Zone Takeover, Subdomain Takeover).
Discover Dangling Domains that point to your cloud assets to prevent subdomain takeover
Discover Dangling Domains that point to your cloud assets to prevent subdomain takeover
How I found 130+ Sub-domain Takeover vulnerabilities using Nuclei
http://www.e-ontap.com/blog/?date=202203
http://www.e-ontap.com/dns/csec87/
GitHub - punk-security/dnsReaper: dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!
HowToHunt.md | HowToHunt
GitHub - PushpenderIndia/subdover: Subdover is a MultiThreaded Subdomain Takeover Vulnerability Scanner Written In Python3
{{#tags}}- {{label}}
{{/tags}}