DNS: Hunting Perspective

In a separate post, we talked about the possible different attack vectors of DNS. That post is not entire complete, and there are many more creative ways to use DNS as an attack vector. In this post however, we’re going to be looking at the more technical aspects of DNS, such as the protocols, byte […]

Server Side Request Forgery

Server Side Request Forgery, or SSRF, is an attack where the attacker is able to make a request to an internal resource by pivoting through the server. By leveraging on the server to make a request to the internal resource, the request become seen as legitimate, because internal systems usually trust each other. SSRF through […]

XSS – Revisited

I’ve been doing this lessons by Pentesterlabs, and i’ve learnt a few new things there, which is always great! To be honestly, i’ve never had any proper training or course in terms of offensive cyber security, especially the web. My experiences have mostly been centered around the Linux kernel, which is pretty niche and narrow. In […]

DNSSEC

In the previous post, we talked about some of the attack vectors on the DNS. In this post, we’re going to be talking about DNSSEC, which is an attempt to make the DNS more secure. A point to note, DNSSEC does not provide Confidentiality, but only Integrity. Integrity in this case is ensuring that the […]

DNS Attack Vectors

Before looking at DNS Attack Vectors, let’s do a quick recap of what a DNS is, and what are it’s functions. What is a DNS? DNS, or Domain Name System, is a server that provides Name to IP Address resolution. When people visit websites, it’s much easier for them to remember words, such as Facebook […]

Domain Fronting and SNI

Domain fronting is a malicious act of appearing to request to visit a legitimate site (the front), while in actual fact, the request is going to another website. Domain fronting relies on the SSL technology to work, where the service provider is unable to see the actual malicious hostname the request is going to, but […]

The Cyber Kill Chain

The Cyber Kill Chain (CKC) is a sequential set of steps that takes place when an attack happens. There are many variations of the CKC by different companies such as , but the “trusted” and most convincing variant is by Lockheed Martin. This CKC is pretty straightforward, and by disrupting any part of the kill […]

Side Channel Data Exfiltration

A typical data exfiltration attack can be quite easy to spot. By monitoring the usage of common protocols such as HTTP, HTTPS, FTP or even DNS, we can deduce if a data exfiltration is taking place. Most modern DLP (Data Leak Prevention) solutions today that incorporate network analysis can perform such detection across multiple protocols. […]

Looking out for C2 Traffic

Types of C2 Communication When a host gets infected with a malware, sometimes it will attempt to call back to it’s Command and Control (C2) to get, or send information. There are 4 types of C2 communication traffic Beacon After a host has been compromised, the malware will send a message heartbeat to the C2 […]