HackDig : Dig high-quality web security articles for hacker

DNS exfiltration case study

Lately, we came across a remote code execution in a Tomcat web service by utilizing Expression Language. The vulnerable POST body field expected a number. When sending ${1+2} instead, the web site included a Java error message about a failed conversion to java.lang.Long from java.lang.String with value "3". From that error message we learned a couple of thin
Publish At:2020-03-04 10:31 | Read:192 | Comments:0 | Tags:Breaking Building DNS Dora Exfiltration

Corp.com is up for sale – check your Active Directory settings!

by Danny Bradbury. An old domain that has lain dormant for 26 years is going on sale – and the results could be catastrophic for enterprises with poorly configured Active Directory setups. Brian Krebs reports that Mike O’Connor, a domain prospector who registered corp.com in 1994, wants to sell the domain for $1.7 million as he simplifies his estate.
Publish At:2020-02-15 12:43 | Read:346 | Comments:0 | Tags:Microsoft Security threats Active Directory Corp.com DNS dom

[SANS ISC] My Little DoH Setup

I published the following diary on isc.sans.edu: “My Little DoH Setup”: “DoH”, this 3-letter acronym, is a buzzword on the Internet in 2019! It has been implemented in Firefox, and Microsoft announced that Windows will support it soon. There are pros & cons about encrypting DNS requests in HTTPS but it’s not the goal of this di
Publish At:2019-11-25 09:25 | Read:796 | Comments:0 | Tags:SANS Internet Storm Center Security DNS DoH PiHole SANS

As Internet turns 50, more risks and possibilities emerge

This op-ed originally appeared in the San Francisco Chronicle on October 28, 2019. We occupy a richly-connected world. On the Internet, we collapse distance and shift time. But this Internet that delivers mail, connects us with friends, lets us work anywhere, and shop from the palm of the hand, is a mere 50 years old, slightly younger than Jennifer Anisto
Publish At:2019-11-11 23:20 | Read:468 | Comments:0 | Tags:Awareness arpanet dns domain domains history of the internet

Google’s Security Research Team Identifies and Fixes 7 Vulnerabilities in Dnsmasq

Google security experts disclosed seven distinct vulnerabilities in the Dnsmasq software package. Regardless of what you may think of Google as a company, it is difficult to criticize their prolific and in-depth security research. The latest example is their disclosure of seven distinct issues in the Dnsmasq software package. From the authors’ website,
Publish At:2017-10-03 09:45 | Read:3328 | Comments:0 | Tags:Breaking News Hacking DHCP DNS Dnsmasq Google

ShadowPad in corporate networks

ShadowPad, part 2: Technical Details (PDF). In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The partner, which is a financial institution, discovered the requests originating on systems involved in the processing of financial transactions. Further investigation showed that the sour
Publish At:2017-08-15 14:15 | Read:4229 | Comments:0 | Tags:Featured Research Backdoor DNS Software supply-chain attack

DNS Attacks Could Cost Your Company $2 Million a Year

The DNS (Domain Name System) is the keystone of the proper functioning of the internet. Each time you access your email or your Facebook, you’re using it. So when a DNS server is under attack and inaccessible, every website that it supports also becomes unavailable. DNS attacks have already had a major impact in the functioning of companies, and it turns out
Publish At:2017-07-27 11:30 | Read:4030 | Comments:0 | Tags:Security b2b cybersecurity dns

A critical flaw allows hacking Linux machines with just a malicious DNS Response

A remote attacker can trigger the buffer overflow vulnerability to execute malicious code on affected Linux systems with just a malicious DNS response. Chris Coulson, Ubuntu developer at Canonical, has found a critical vulnerability in Linux that can be exploited to remotely hack machines running the popular OS. The flaw, tracked as CVE-2017-9445, resides in th
Publish At:2017-06-29 10:25 | Read:2786 | Comments:0 | Tags:Breaking News Hacking DNS LINUX

Use of DNS Tunneling for C&C Communications

– Say my name. –! – You are goddamn right. Network communication is a key function for any malicious program. Yes, there are exceptions, such as cryptors and ransomware Trojans that can do their job just fine without using the Internet. However, they also require their victims to establish contact with the threat actor so they can
Publish At:2017-04-28 13:40 | Read:3954 | Comments:0 | Tags:Blog Research Backdoor DNS Malware Descriptions Malware Tech

[SANS ISC] DNS Query Length… Because Size Does Matter

I published the following diary on isc.sans.org: “DNS Query Length… Because Size Does Matter”. In many cases, DNS remains a goldmine to detect potentially malicious activity. DNS can be used in multiple ways to bypass security controls. DNS tunnelling is a common way to establish connections with remote systems. It is often based on “
Publish At:2017-04-20 12:35 | Read:3475 | Comments:0 | Tags:Logs Management / SIEM SANS Internet Storm Center Security D

DNS Evil Lurking Around Every Corner

Today, I came across a blog post that once again showcases the importance of properly managing DNS through its entire lifecycle. The article entitled “Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target” (sic) was written by Matthew Bryant (@IAmMandatory). It can be found here. It’s a bit of a long read but serves as a great reminder a
Publish At:2017-01-24 15:10 | Read:5678 | Comments:0 | Tags:Featured Articles IT Security and Data Protection DNS Netsec

Switcher: Android joins the ‘attack-the-router’ club

Recently, in our never-ending quest to protect the world from malware, we found a misbehaving Android trojan. Although malware targeting the Android OS stopped being a novelty quite some time ago, this trojan is quite unique. Instead of attacking a user, it attacks the Wi-Fi network the user is connected to, or, to be precise, the wireless router that serves
Publish At:2016-12-28 11:20 | Read:5087 | Comments:0 | Tags:Blog Mobile DNS Google Android Mobile Malware Router

Hailstorm Spam in the Sights of New Detection System

The research teams at Cisco Talos and Umbrella have deployed a new system designed to detect hailstorm spam campaigns. Hailstorm spam is in some respects different from snowshoe spam. With the latter, a large number of IP addresses send out a low volume of spam email over an extended period of time. Snowshoe spam works that way to avoid raising any red flags
Publish At:2016-12-22 23:55 | Read:4049 | Comments:0 | Tags:Latest Security News Cisco Talos DNS hailstorm spam malware

[CRITICAL] CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow

Have you ever been deep in the mines of debugging and suddenly realized that you were staring at something far more interesting than you were expecting? You are not alone! Recently a Google engineer noticed that their SSH client segfaulted every time they tried to connect to a specific host. That engineer filed a ticket to investigate the behavior and after
Publish At:2016-11-20 03:20 | Read:5292 | Comments:0 | Tags:Application Security Cyber Security Cyber Security Research

DNS Analysis and Tools

In this article, we will take a look at the complete DNS process, DNS lookup, DNS reverse lookup, DNS zone transfer, etc. along with some tools to analyze & enumerate DNS traffic. Domain Name System (DNS) is a naming system used to convert human readable domain names like infosecinstitute.com into a numerical IP address. The process works like this:
Publish At:2016-11-04 20:45 | Read:2963 | Comments:0 | Tags:DNS

