Category: Threat Intelligence
-
ShadowFindr – Uncover domain shadowing attacks
At the DNS Community Day organized by DNS-OARC at the APRICOT 2024/APNIC 57 conference, we released ShadowFindr, a web tool to detect potential domain shadowing attacks. Who is living off your domain name? ShadowFindr is a web tool built for domain name registrants that helps identify potential domain shadowing attacks. We have written about domain…
-
DNS-OARC DNS Community Day
The DNS-OARC folks organized a DNS Community Day at the APRICOT 2024/APNIC 57 conference on 26th February 2024. About DNS-OARC: The DNS Operations, Analysis, and Research Center (DNS-OARC) brings together key operators, implementors, and researchers on a trusted platform so they can coordinate responses to attacks and other concerns, share information and learn together. The…
-
Domain shadowing
Domain shadowing is a technique listed by MITRE ATT&CK as T1584.001, a sub-technique of T1584. This technique is not to be confused with subdomain hijacking. What is a domain shadowing attack? Threat actors gain control of the DNS control panel of legitimate domain names by brute force and stealthily insert subdomains pointing to the attackers’ network…
-
Web shell – A primer
What is a web shell? A web shell is a malicious script written using commonly used web application languages such as PHP, JSP, or ASP. They provide an attacker with an easy way to attack a compromised web server via web-based vulnerabilities, and once installed on a web server’s operating system, the web shell’s facilitate…
-
DNS KeyTrap vulnerability
DNS KeyTrap vulnerability is a critical flaw in the design of DNSSEC (DNS Security Extensions). A single DNS packet can exhaust the CPU, causing a Denial of Service in a DNSSEC validating recursive resolver. Security researchers at the German National Research Center for Applied Cybersecurity ATHENE uncovered the critical flaw, which has been assigned and listed as CVE-2023-50387 and CVE-2023-50868…