Collaborate Disseminate
Are there any security reasons against "drop-www"?
In other words, are there any security reasons against using an apex [1] domain name such as example.com instead of a subdomain such as www.example.com?
Quote https://www.bjornjo… Continue reading Are there any security reasons against "drop-www" (using example.com instead of www.example.com)?
One way I use to find domains owned by the same people is through tracking codes (Google Analytics and such). Recently I’ve come across a domain with this tracker code:
d1lxhc4jvstzrp
When I lookup domains with this tracking code on VirusT… Continue reading Amazon Cloudfront trackers, do they mean anything in an investigation?
When I go to Google Search Console and do a URL Inspection I get the message: Page is a Redirect.
When I check the data, I see a Referring site that is not mine.
I don’t know the domain and it’s a dead link.
I want to know what causes this… Continue reading Can another site redirect my domain name unintentionally? [closed]
I’m looking for a specific answer regarding the TLS handshake in a scenario of domain-fronting.
Following hensonsecurity and zscaler blogs I have noticed that a detailed description regarding the re-direct / routing scheme is missing when … Continue reading DomainFronting – re-routing and SSL certificats
A few years back, we own a website called mysiteA.com, later we didn’t want that so we haven’t re-new that domain name. It was hosted on GoDaddy.
After a year, someone bought that domain, and the shocking thing is, that the source code for… Continue reading Block a website that use my application code [closed]
Currently my domain is sitting without DNSSEC security because my domain provider didnt support it for my ccTLD domain, the feature will only be available once i renew my domain in about 2 months time.
As you can maybe guess, i am a vitcim… Continue reading How to stop/reduce constant DNS Spoof/Poisoning Attack from NGINX server if DNSSEC is not offered from provider?
According to this question, it seems to be not technically doable for having two TLS certificates on the same domain.
I have been analysing facebook.com domain using an online tool here, and I can see facebook.com has two certificates whic… Continue reading Having two TLS certificate on the same domain endpoint [closed]
I was trying to add a new certificate to our truststore. But I got the alias already exists error.
I can’t remove the old certificate yet, but I have to add the new certificate.
Will it matter if I imported the renewed certificate on a dif… Continue reading Does alias in a truststore matter?
Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the whitelisted value in the subdomain.
E.g. … Continue reading How to get my exploit script served on arbitrary subdomain?
Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the whitelisted value in the subdomain.
E.g. … Continue reading How to get my exploit script served on arbitrary subdomain?