Shreshta Blog

We uncover badness.

Swapneel Patnekar

Open Resolvers: Understanding security risks and best practices

An “open resolver” is a DNS server that accepts and resolves a domain name recursively for anyone on the internet. In this blog post, we will share the security risks of open resolvers and best practices. At the time of writing, there were 192920 open resolvers in India with recursion enabled. While most of these …

Open Resolvers: Understanding security risks and best practices Read More »

Domain shadowing attack

Attackers targeting .lk domains using domain shadowing attack

Before we deep dive into how attackers target .lk domains using domain shadowing attack, first, a primer on registration of a domain name under .lk namespace. tl;dr registration of a domain name under .lk namespace is regulated The domain registration policy says the LK registry may ask for documents supporting the request for a domain …

Attackers targeting .lk domains using domain shadowing attack Read More »

Phishing targeting HDFC Bank customers

Security researchers at Shreshta IT, using our threat intelligence platform SDINET, have identified a phishing website and Android app targeting HDFC Bank customers. About HDFC Bank Limited HDFC Bank Limited is an Indian banking and financial services company headquartered in Mumbai. It is India’s largest private sector bank by assets and world’s 10th largest bank …

Phishing targeting HDFC Bank customers Read More »

Phishing campaign targeting Github

Earlier this week, on 21st September, GitHub published a blog post – Security alert: new phishing campaign targets GitHub users The gist of it was, On September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself …

Phishing campaign targeting Github Read More »

Phishing Campaign – Adidas and Nike

Our threat intelligence platform – SDINET, ingests DNS data from various sources. Our security researchers have detected a phishing campaign wherein the adversaries have registered domain names impersonating brands such as Adidas and Nike. Adidas AG is a German multinational corporation, founded and headquartered in Herzogenaurach, Bavaria, that designs and manufactures shoes, clothing and accessories. …

Phishing Campaign – Adidas and Nike Read More »