Don't Use Public Wi-Fi Without DNS Filtering
Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today’s society. I like the fact that I do not have to worry about accessing...
Tagged: DNS
New side channel attack resurrects DNS poisoning threat
The research on the vulnerability, designated CVE-2021-20322, was presented Wednesday by researchers at the ACM Conference on Computer and Communications Security in South Korea. click here to read full Article Read more on Malware...
Home » Security Boulevard (Original) » DNSSEC: The Secret Weapon Against DNS Attacks DNSSEC: The Secret Weapon Against DNS Attacks
DNSSEC can be an extremely effective method to prevent DNS attacks that deliver bad or false responses to a device’s query, including cache poisoning and domain hijacking. click here to read full Article Read...
DNSTake – A Fast Tool To Check Missing Hosted DNS Zones That Can Lead To Subdomain Takeover
A fast tool to check missing hosted DNS zones that can lead to subdomain takeover. What is a DNS takeover? DNS takeover vulnerabilities occur when a subdomain (subdomain.example.com) or domain has its authoritative nameserver...
Saving Private Networks from DNS Rebinding
Attackers use the DNS rebinding technique to exploit private networks. It can take over victims’ browsers and exposes the attack surface of internal web applications to malicious websites, which can be dangerous. Web browser...
DNSMonster – Passive DNS Capture/Monitoring Framework
Passive DNS collection and monitoring built with Golang, Clickhouse and Grafana: dnsmonster implements a packet sniffer for DNS traffic. It can accept traffic from a pcap file, a live interface or a dnstap socket,...
Internet Systems Consortium (ISC) fixes High-Severity DoS flaw in BIND DNS Software
The Internet Systems Consortium (ISC) has released security updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2021-25218, that affects its BIND DNS software. click here to read full Article Read more on...
How To Fix The DNS Server Isn’t Responding Error
Many users have reported getting the DNS server not responding error whenever they try to visit the website through their browsers. You need DNS (Domain Name Servers) to access the websites. However, you may...
Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records
This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to a CMS provider (Heroku, Github, Shopify, Amazon S3, Amazon CloudFront, etc.) that can be...
CredPhish – A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS
CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender’s ConfigSecurityPolicy.exe to perform arbitrary GET requests....
Akamai DNS global outage took down major websites
A software configuration update in the Akamai DNS triggered a bug which took offline major websites and online services, including Steam, the PlayStation Network, Newegg, AWS, Amazon, Google, and Salesforce. Akamai is investigating an...
Dozens of web apps vulnerable to DNS cache poisoning via ‘forgot password’ feature
In a study of 146 web applications, Timo Longin, security researcher at SEC Consult, found misconfigurations that malicious actors could exploit to redirect password reset emails to their own servers. click here to read...
DNSStager – Hide Your Payload In DNS
DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your...
DNSrr – A Tool Written In Bash, Used To Enumerate All The Juicy Stuff From DNS
DNSrr is a tool written in bash, used to enumerate all the juicy stuff from DNS records, it uses different techniques like DNS Forward Bruteforce DNS Reverse Bruteforce DNS Cache Snooping DNS Zone Transfer...
Review of dnsx – a multi-purpose DNS toolkit
Dnsx is a fast and multi-purpose DNS toolkit that allows you to run multiple probers… Review of dnsx – a multi-purpose DNS toolkit on Latest Hacking News. click here to read full Article Read...
Invoke-DNSteal – Simple And Customizable DNS Data Exfiltrator
Invoke-DNSteal is a Simple & Customizable DNS Data Exfiltrator. This tool helps you to exfiltrate data through DNS protocol over UDP and TCP, and lets you control the size of queries using random delay....
