Collaborate Disseminate
On Facebook, malware is currently trying to spread itself using the domain googlediver (dot) com, one sample of a malicious url is https://googlediver (dot) com/list-of-traveling-staff , and I believe that domain is used exclusively to spr… Continue reading Anything I can do to combat malicious domains?
I’m doing some work for a government subsidiary in underdeveloped region in a developing country. (Giving this context to confirm that this is NOT FOR NEFARIOUS reasons).
I’ve got an email address like so dept@organization.gov.kr. Because … Continue reading How to find hosting site/login page for organization email [closed]
I’m learning about DNSSEC today but I don’t quite understand about how a parent zone would store all of its child’s Key Signing Keys (DNSKEY 257) in its DS record set.
As far as I understand, if I have a subdomain, say, subdomain.icann.org… Continue reading Since the DS recordset contains all of the child’s Key Signing Key, wouldn’t the DS recordset be massive and difficult to load for verification?
Imagine a country ruled by a non-democratic government with an explicit disregard to local and international laws. The national registry for local domains (Country code top-level domains) falls under their area of influence. We know that t… Continue reading Country code top-level domain (ccTLD) hijacking?
I have a public facing IP address setup at a VM in the Google Cloud Platform.
I am wondering, if it is possible as an outsider to take away this public IP, or pretend another computer is this public IP address.
Motivation is that my client… Continue reading How secure is my IP address?
For context, I have limited knowledge pertaining to computer networks, and the recent seizure of z-library brought up some questions I am unsure of, and I can’t seem to find much information online.
From my current understanding:
When you … Continue reading What does a domain seizure entail?
I want to add an extra layer of security/validation into our app/network. I plan to do some mTLS in which we will provide customers with a certificate to use in the TLS handshake. However, I want the customer to pass proof of domain owners… Continue reading Real time domain verification through DV cert or DNS check?
While enumerating a DNS server for a HTB machine, I’ve tried finding a domain name for 127.0.0.1:
┌──(kali㉿kali)-[~]
└─$ dig -x 127.0.0.1 @10.10.11.166
; <<>> DiG 9.18.1-1-Debian <<>> -x 127.0.0.1 @10.10.11.166
;;… Continue reading DNS reverse lookup not finding domain name during enumeration
Currently my domain is sitting without DNSSEC security because my domain provider didnt support it for my ccTLD domain, the feature will only be available once i renew my domain in about 2 months time.
As you can maybe guess, i am a vitcim… Continue reading How to stop/reduce constant DNS Spoof/Poisoning Attack from NGINX server if DNSSEC is not offered from provider?
I know all baseline steps to do DNS enumeration over a domain. But my questions is: how can I enumerate a server when I do not know which domain it is managing and I only have its IP address?
My scenario: I discovered 2 DNS servers running… Continue reading DNS Enumeration by IP Address