DNS Abuse & Misconfiguration
The History of DNS Vulnerabilities and the Cloud
https://unit42.paloaltonetworks.com/dns-vulnerabilities/
Dangling Domains: Security Threats, Detection and Prevalence
https://unit42.paloaltonetworks.com/dangling-domains/
Fishing the AWS IP Pool for Dangling Domains
https://bishopfox.com/blog/fishing-the-aws-ip-pool-for-dangling-domains
Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target
https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean
https://thehackerblog.com/the-orphaned-internet-taking-over-120k-domains-via-a-dns-vulnerability-in-aws-google-cloud-rackspace-and-digital-ocean/
The .io Error – Taking Control of All .io Domains With a Targeted Registration
https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
The International Incident – Gaining Control of a .int Domain Name With DNS Trickery
https://thehackerblog.com/the-international-incident-gaining-control-of-a-int-domain-name-with-dns-trickery/
Hostile Subdomain Takeover using Heroku/Github/Desk + more
https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
Dangling DNS: Amazon EC2 IPs
https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state
Eliminating Dangling Elastic IP Takeovers with Ghostbuster
https://blog.assetnote.io/2022/02/13/dangling-eips/
Internet-Wide Analysis of Subdomain Takeovers
https://redhuntlabs.com/blog/project-resonance-wave-1.html
Subdomain Takeover
https://0xpatrik.com/subdomain-takeover-basics/
https://0xpatrik.com/subdomain-takeover-candidates/
https://0xpatrik.com/takeover-proofs/
https://0xpatrik.com/subdomain-takeover-ns/
https://0xpatrik.com/subdomain-takeover/
#dns #abuse #aws #elastic #subdomain #takeover
⌛ Attacking Predictable GUID
Few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one. This blog post walks through an account takeover issue from a recent penetration test where GUIDs were used as password reset tokens.
https://www.intruder.io/research/in-guid-we-trust
#web #pentest #guid #account #takeover
www.intruder.io
In GUID We Trust
GUIDs (often called UUIDs) are widely used in modern web applications. However, seemingly very few penetration testers and bug bounty hunters are aware of the different versions of GUIDs and the security issues associated with using the wrong one.
🔐 Exploiting SCCM’s AdminService API for Site Takeover 🔐
Extensive research into SCCM services has revealed a security flaw within the AdminService API, exploiting the authentication process and leading to unauthorized access. The AdminService API, backed by Microsoft Negotiate authentication, could be leveraged by malicious actors for privilege escalation, granting unauthorized Full Administrator privileges on the targeted site.
🌐 Details:
https://posts.specterops.io/site-takeover-via-sccms-adminservice-api-d932e22b2bf
#ad #sccm #site #takeover
Medium
Site Takeover via SCCM’s AdminService API
tl;dr: The SCCM AdminService API is vulnerable to NTLM relaying and can be abused for SCCM site takeover.