Swapneel Patnekar, Author at DNS Security & Threat Intelligence Blog | Shreshta

Zerodha users targeted with a pig-butchering scam

Vivek Halappanavar and Swapneel Patnekar — Wed, 11 Sep 2024 08:04:56 +0000

Threat researchers at Shreshta have uncovered a pig-butchering scam targeting Zerodha users. The phishing websites are impersonating Zerodha, a reputed stockbroking and financial services company, duping investors into investing in fake crypto and investment schemes. What is a pig-butchering scam? A pig butchering scam, a.k.a. “Sha Zhu Pan” or Shazhupan, (Chinese: 杀猪盘), translated as Killing […]

The post Zerodha users targeted with a pig-butchering scam appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

Whois API free

Swapneel Patnekar — Mon, 26 Aug 2024 17:15:48 +0000

Are you looking for a reliable, easy-to-use, and free Whois API? Our new Whois API service offers fast, accurate domain information data, making it an ideal solution for security researchers, SOC analysts etc The Whois API provides the creation date and registrar name. The API requires no registration or token generation. The above request, returns […]

The post Whois API free appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

ShadowFindr – Uncover domain shadowing attacks

Swapneel Patnekar — Wed, 13 Mar 2024 16:07:29 +0000

At the DNS Community Day organized by DNS-OARC at the APRICOT 2024/APNIC 57 conference, we released ShadowFindr, a web tool to detect potential domain shadowing attacks. Who is living off your domain name? ShadowFindr is a web tool built for domain name registrants that helps identify potential domain shadowing attacks. We have written about domain […]

The post ShadowFindr – Uncover domain shadowing attacks appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

Domain shadowing

Swapneel Patnekar — Sat, 24 Feb 2024 13:15:06 +0000

Domain shadowing is a technique listed by MITRE ATT&CK as T1584.001 sub-technique of T1584 This technique is not to be confused with subdomain hijacking What is a domain shadowing attack? Threat actors gain control of the DNS control panel of legitimate domain names by brute force and stealthily insert subdomains pointing to the attackers’ network […]

The post Domain shadowing appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

Web shell – A primer

Vivek Halappanavar, Swapneel Patnekar and Pranay Patil — Thu, 22 Feb 2024 06:51:44 +0000

What is a web shell? A web shell is a malicious script written using commonly used web application languages such as PHP, JSP, or ASP. They provide an attacker with a easy way to attack a compromised web server via web-based vulnerabilities, and once installed on a web server’s operating system, the web shell’s facilitate […]

The post Web shell – A primer appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

DNS KeyTrap vulnerability

Swapneel Patnekar — Sat, 17 Feb 2024 12:21:32 +0000

DNS KeyTrap vulnerability is a critical flaw in the design of DNSSEC (DNS Security Extensions). A single DNS packet can exhaust the CPU, causing a Denial of Service in a DNSSEC validating recursive resolver. Security researchers at the German National Research Center for Applied Cybersecurity ATHENE uncovered the critical flaw, which has been assigned and listed as CVE-2023-50387 and CVE-2023-50868 […]

The post DNS KeyTrap vulnerability appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

What is a DNS Firewall?

Swapneel Patnekar — Tue, 06 Feb 2024 17:03:54 +0000

A DNS firewall also known as Protective DNS is an enterprise network security solution. It filters and manages DNS queries and responses. It protects organizations from cyber threats. These threats include phishing, malware, cryptojacking, domain generation algorithms(DGA), command and control (C2) domain names. It determines which domain names users can access based on set rules […]

The post What is a DNS Firewall? appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

Having Teen Patti fun? Beware of malware apps!

Swapneel Patnekar — Sat, 03 Feb 2024 08:55:01 +0000

Having Teen Patti fun? Beware of malware apps! Shreshta Threat Intelligence team have detected many websites providing Teen Patti game downloads infected with malware. About Teen Patti Teen Patti is a gambling card game. Teen Patti originated in India and is popular throughout South Asia. It evolved from the English game of three-card brag, with […]

The post Having Teen Patti fun? Beware of malware apps! appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

What are Newly Registered Domain Names?

Swapneel Patnekar — Tue, 30 Jan 2024 13:03:06 +0000

On any given day, thousands of domain names are registered on a daily basis on the Internet. Newly Registered domain names (NRD) are used by enterprises and individuals for legitimate purposes and by threat actors for malicious purposes. What are newly registered domain names? By definition, a newly registered domain name(NRD) is one which has […]

The post What are Newly Registered Domain Names? appeared first on DNS Security & Threat Intelligence Blog | Shreshta.

Fake Google Play Store

Swapneel Patnekar — Thu, 18 Jan 2024 12:47:11 +0000

Executive Summary While malicious and fake apps in the Google Play Store is common, Shreshta Threat Intelligence team has detected multiple fake Google Play Store websites which impersonate the Google Play Store. This gives an impression to the user, that they are visiting the Google Play Store. If the user clicks on the Install button, […]

The post Fake Google Play Store appeared first on DNS Security & Threat Intelligence Blog | Shreshta.