Collaborate Disseminate
I’ve been doing a security audit and found out you can easily identify host roles and running services just by their computer name (using nslookup).
I would like to report this so that they use less obvious computer names an… Continue reading Computer name naming convention for security
I am working on a fast flux services (botnets) project. I have been looking for active lists of tracked and confirmed fast flux domains but those I found are old and their domains are not longer active. I am looking for an ac… Continue reading Active lists of fast flux domains [on hold]
Question:
Is a certificate issued to a subdomain valid for a CNAME in the parent domain assuming a common root CA cert and SAN listing both? (I think the answer is no but I’m uncertain).
Is there a proper way for DNS to pr… Continue reading Why is certificate rejected in firefox, but not IE and Chrome
here is the article that i am trying to follow .. DNS-Rebinding-Attack
i didn’t use linux like the Writer did …. i registered an account on a Free Web Hosting site … then uploaded the php files on it after adding my rout… Continue reading how can i bypass chrome Cross-Origin Blocking to perform dns rebinding?
A few workstations have been making dns requests to what looks to be DGA domains and talked to the security appliance vendor with little help. A vendor technician told me that some Apple servers responsible for a sanity check… Continue reading How to respond domain fluxing happening on workstations
What are the security risks with adding TXT records for third party tools? Can they get any information back from your servers with adding that record for them?
The example below is from the “have i been pwned” Web site:
… Continue reading A third party Web site wants me to validate my domain ownership using a TXT record
As you may/may not know, UK now has a very tough law on monitoring all citizens’ INTERNET CONNECTION RECORDS in real time. That means all DNS generated within your real-time traffic would be logged by ISPs for 12 months.
In… Continue reading Bing/Google Image Search Contains Illegal Results! What should I do?
My basic understanding of DNS cache poisoining is that at some local server the cache is been altered. i.e (some urls will be directed to malicious ip address instead of original).
So If I entered the IP address of a website… Continue reading DNS cache poisoining prevention by directly using ip instead of url
Whenever I query example.com, one of the TLD root servers for .com will be queried for example.com. This query includes my IP address, and in theory could be used to identify my browser session.
Given that jurisdictional do… Continue reading How can I ensure consistent privacy policy of my DNS server to that of the TLD’s privacy policy?
I want to make an evil DNS server that injects JavaScript code on any requested website even HTTPS. it could be used over WAN via changing the DNS setting on routers.
Suggestions for best tool for that and prefer to be open … Continue reading How to make an evil DNS server? [on hold]