The Hacker Blog  -  The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions

 -  Juin 2017 - 

I will liken him to a wise man, who built his house on a rock. The rain came down, the floods came, and the winds blew, and beat on that house; and it didn’t fall, for it was founded on the rock. Everyone who hears these words of mine, and doesn’t do them will be… Read More

par mandatory

The Hacker Blog

A Hacker's Blog of Unintended Use and Insomnia.

The .io Error – Taking Control of All .io Domains With a Targeted Registration

 -  Juillet 2017 - 

In a previous post we talked about taking over the .na,, and domain extensions with varying levels of DNS trickery. In that writeup (...)

Hacking Guatemala’s DNS – Spying on Active Directory Users By Exploiting a TLD Misconfiguration

 -  Janvier 2017 - 

Guatemala City, By Rigostar (Own work) [CC BY-SA 3.0], via Wikimedia Commons. UPDATE: Guatemala has now patched this issue after I reached out to (...)

Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target

 -  Janvier 2017 - 

In a past piece of research, we explored the issue of nameserver domains expiring allowing us to take over full control of a target domain. In (...)

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

 -  Décembre 2016 - 

Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K (...)

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

 -  Août 2016 - 

The above image is taken from here and was taken by Steve Jurvetson. EDIT: DigitalOcean seems to be getting a lot of flak from this post so I’d (...)