Collaborate Disseminate
I’m looking for a specific answer regarding the TLS handshake in a scenario of domain-fronting.
Following hensonsecurity and zscaler blogs I have noticed that a detailed description regarding the re-direct / routing scheme is missing when … Continue reading DomainFronting – re-routing and SSL certificats
A few years back, we own a website called mysiteA.com, later we didn’t want that so we haven’t re-new that domain name. It was hosted on GoDaddy.
After a year, someone bought that domain, and the shocking thing is, that the source code for… Continue reading Block a website that use my application code [closed]
Currently my domain is sitting without DNSSEC security because my domain provider didnt support it for my ccTLD domain, the feature will only be available once i renew my domain in about 2 months time.
As you can maybe guess, i am a vitcim… Continue reading How to stop/reduce constant DNS Spoof/Poisoning Attack from NGINX server if DNSSEC is not offered from provider?
According to this question, it seems to be not technically doable for having two TLS certificates on the same domain.
I have been analysing facebook.com domain using an online tool here, and I can see facebook.com has two certificates whic… Continue reading Having two TLS certificate on the same domain endpoint [closed]
I was trying to add a new certificate to our truststore. But I got the alias already exists error.
I can’t remove the old certificate yet, but I have to add the new certificate.
Will it matter if I imported the renewed certificate on a dif… Continue reading Does alias in a truststore matter?
Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the whitelisted value in the subdomain.
E.g. … Continue reading How to get my exploit script served on arbitrary subdomain?
Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the whitelisted value in the subdomain.
E.g. … Continue reading How to get my exploit script served on arbitrary subdomain?
I’m a newbie ethical hacker and bug bounty hunter. Lets, assume my target is somethingtohack.com, the thing is the company’s scope defines that the main domain is out of scope, but subdomains like subdomain.somethingtohack.com are in scope… Continue reading Can I escalate a main domain SSTI/RCE to all the subdomains belonging to that domain?
You can send your address (from, whatever) with the data.
For me, it’s logical to verify the domain’s IP (from whatever) with the sender’s IP.
This would mean, that you have to register a domain to send phishing emails.
Another point, of c… Continue reading Are phishing emails domain depending? [closed]
My network sniffer for websites has discovered a number of hosting domains in the report which I can not correctly assign to categories. I don’t know if there are providers behind these domains that load tags or trackers or if malware/adwa… Continue reading Looking for origin/ verification of malicious domain names