Category: Threat Intelligence

  • ShadowFindr – Uncover domain shadowing attacks

    At the DNS Community Day organized by DNS-OARC at the APRICOT 2024/APNIC 57 conference, we released ShadowFindr, a web tool to detect potential domain shadowing attacks. Who is living off your domain name? ShadowFindr is a web tool built for domain name registrants that helps identify potential domain shadowing attacks. We have written about domain…

  • DNS-OARC DNS Community Day

    The DNS-OARC folks organized a DNS Community Day at the APRICOT 2024/APNIC 57 conference on 26th February 2024. About DNS-OARC: The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together key operators, implementors, and researchers on a trusted platform so they can coordinate responses to attacks and other concerns, share information and learn together. The…

  • Domain shadowing

    Domain shadowing is a technique listed by MITRE ATT&CK as T1584.001, a sub-technique of T1584. This technique is not to be confused with subdomain hijacking. What is a domain shadowing attack? Threat actors gain control of the DNS control panel of legitimate domain names by brute force and stealthily insert subdomains pointing to the attackers’ network…

  • Web shell – A primer

    What is a web shell? A web shell is a malicious script written using commonly used web application languages such as PHP, JSP, or ASP. Web shells provide an attacker with an easy way to attack a compromised web server via web-based vulnerabilities, and once installed on a web server’s operating system, the web shells facilitate…

  • DNS KeyTrap vulnerability

    The DNS KeyTrap vulnerability is a critical flaw in the design of DNSSEC (DNS Security Extensions). A single DNS packet can exhaust the CPU, causing a Denial of Service in a DNSSEC-validating recursive resolver. Security researchers at the German National Research Center for Applied Cybersecurity ATHENE uncovered the critical flaw, which has been assigned and listed as CVE-2023-50387 and CVE-2023-50868…