Domain-Protect - OWASP Domain Protect - Prevent Subdomain Takeover

OWASP Global AppSec Dublin - talk and demo Features scan Amazon Route53 across an AWS Organization for domain records vulnerable to takeover scan Cloudflare for vulnerable DNS records take over vulnerable subdomains yourself before attackers and bug bounty researchers automatically create known...

Ghostbuster - Eliminate Dangling Elastic IPs By Performing Analysis On Your Resources Within All Your AWS Accounts

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. Ghostbuster obtains all the DNS records present in all of your AWS accounts Route53, and can optionally take in records via CSV input, or via Cloudflare. After these records are collected,...

Domain-Protect - Protect Against Subdomain Takeover

Protect Against Subdomain Takeover scans Amazon Route53 across an AWS Organization for domain records vulnerable to takeover vulnerable domains in Google Cloud DNS can be detected by Domain Protect for GCP deploy to security audit account scan your entire AWS Organization receive alerts by Slack ...

Black Hat: Novel DNS Hack Spills Confidential Corp Data

LAS VEGAS – Amazon and Google patched a domain name service DNS bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed web resources. The vulnerability, outlined in a Black Hat USA 20...

Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic

Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service DNSaaS providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic...

resource-agents security update

4.1.1-68 - azure-lb: fix redirect issue Resolves: rhbz1850778 4.1.1-67 - gcp-vpc-move-vip: add support for multiple alias IPs Resolves: rhbz1846733 4.1.1-65 - azure-events: handle exceptions in urlopen Resolves: rhbz1845574 4.1.1-64 - nfsserver: fix NFSv4-only support - azure-events: new resource...

DAGOBAH - Open Source Tool To Generate Internal Threat Intelligence, Inventory & Compliance Data From AWS Resources

Dagobah is an open source tool written in python to automate the internal threat intelligence generation, inventory collection and compliance check from different AWS resources. Dagobah collects information and save the state into an elasticsearch index. Dagobah runs into the a LAMBDA and looks a...

Kubernetes: Route53 Subdomain Takeover on test-cncf-aws.canary.k8s.io

Summary: I discovered that it was possible to takeover test-cncf-aws.canary.k8s.io by assigning a zone to that name with one of the following nameservers in Route53: test-cncf-aws.canary.k8s.io. 3600 IN NS ns-265.awsdns-33.com. test-cncf-aws.canary.k8s.io. 3600 IN NS ns-687.awsdns-21.net...

DNSControl - Synchronize your DNS to multiple providers from a simple DSL

DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It can talk to Microsoft ActiveDirectory and it...

Synchronize Your DNS to Multiple Providers: DNSControl

Synchronize Your DNS to Multiple Providers DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It ca...

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

The above image is taken from here and was taken by Steve Jurvetson. EDIT: DigitalOcean seems to be getting a lot of flak from this post so I’d just like to point out that I feel DigitalOcean’s reaction in this case was entirely justified they saw an anomaly and they put a stop to it. The only...