The Hacker Blog  -  The .io Error – Taking Control of All .io Domains With a Targeted Registration

 -  Juillet 2017 - 

In a previous post we talked about taking over the .na,, and domain extensions with varying levels of DNS trickery. In that writeup we examined the threat model of compromising a top level domain (TLD) and what some avenues would look like for an attacker to accomplish this goal. One of the fairly… Read More

par mandatory

The Hacker Blog

A Hacker's Blog of Unintended Use and Insomnia.

The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions

 -  Juin 2017 - 

I will liken him to a wise man, who built his house on a rock. The rain came down, the floods came, and the winds blew, and beat on that house; (...)

Hacking Guatemala’s DNS – Spying on Active Directory Users By Exploiting a TLD Misconfiguration

 -  Janvier 2017 - 

Guatemala City, By Rigostar (Own work) [CC BY-SA 3.0], via Wikimedia Commons. UPDATE: Guatemala has now patched this issue after I reached out to (...)

Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target

 -  Janvier 2017 - 

In a past piece of research, we explored the issue of nameserver domains expiring allowing us to take over full control of a target domain. In (...)

The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean

 -  Décembre 2016 - 

Recently, I found that Digital Ocean suffered from a security vulnerability in their domain import system which allowed for the takeover of 20K (...)

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System

 -  Août 2016 - 

The above image is taken from here and was taken by Steve Jurvetson. EDIT: DigitalOcean seems to be getting a lot of flak from this post so I’d (...)