Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DNS

Enriched attack surface view, DNS filtering, and more

Taking action on your attack surface requires a complete overview of what is exposed. This includes details such as open – and previously open! – ports, DNS records, and when the asset was last seen. These details help security teams respond more effectively to issues as they occur in production. It’s now possible for Surface Monitoring customers to drill down into an asset with the new Details page, which you can access by selecting an asset from the Attack Surface view.

How DNS filtering can help protect your business from Cybersecurity threats

The Domain Name System (DNS) is an important tool that connects devices and services together across the Internet. Managing your DNS is essential to your IT cybersecurity infrastructure. When poorly managed, DNS can become a huge landscape for attackers. Nonetheless, when properly configured, DNS is a key line of defense against cyber threats for your organization. DNS filtering is an essential component of business cybersecurity.

Out of Band (OOB) Data Exfiltration via DNS

Last week, I attended the NotSoSecure Advanced Web Hacking training. While there were plenty of interesting topics taught, one that caught my attention was Out-of-Band (OOB) Data Exfiltration using DNS. Back in 2018, NotSoSecure published an Out of Band Exploitation (OOB) CheatSheet. In that document, they cover methods by which you can exfiltrate data. One of these uses files written to disk and multiple DNS queries to send large chunks of data.

A stitch in BIND saves nine

A vulnerability was discovered in the named DNS server implementation contained in the development branch builds of BIND 9. This is a story of catastrophe averted. It’s a case study for the value of fuzzing in software development. Synopsys Cybersecurity Research Center (CyRC) researchers discovered a denial-of-service vulnerability in development branch builds of BIND 9 by Internet Systems Consortium (ISC).

What is DNS hijacking? Redirection Attacks Explained (and Prevention)

Almost everybody in this world uses the Internet. Some use it for work, some for education, some to stay connected with the world and their loved ones, some for shopping, and some use it to browse the world wide web in their leisure time. DNS Hijacking or DNS redirection attacks are a widespread security threat many DNS servers face in today’s modern digital world.

NAME:WRECK DNS Bugs: What You Need to Know

For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name.

Stories from the SOC - DNS recon + exfiltration

Our Managed Threat Detection and Response team responded to an Alarm indicating that suspicious reconnaissance activity was occurring internally from one of our customer's scanners. This activity was shortly followed by escalating activity involving brute force activity, remote code execution attempts, and exfiltration channel probing attempts all exploiting vulnerable DNS services on the domain controllers.

DNS Hijacking - Taking Over Top-Level Domains and Subdomains

TL;DR: On January 7, the Detectify security research team found that the .cd top-level domain (TLD) was about to be released for anyone to purchase and claimed it to keep it secure before any bad actors snatched it up. A technical report with full details is available on Detectify Labs. This blog post will discuss the basics of domain takeover.