A report from Root [DNS] Server Operations or rootops published on December 4th, 2015 stated that the Internet Domain Name System’s root name servers received a high rate of DNS queries over two separate intervals. The incidents occurred on November 30, 2015 and December 1st, 2015. The queries were…
BIND is most widely used DNS Server to date. A major flaw was found in BIND’s versions from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. (CVE-2015-5477) Attackers can exploit it by sending vulnerable servers…
Anonymity over the Internet has largely helped journalists escape clinching firewalls and surveillance of their governments. In fact, Freedom of the Press Foundation recommends use of The Onion Router (TOR) to better protect journalists’ from surveillance and in many instances prison (Lee, 2013). Anonymity in the World Wide Web allows…
/bin/bash #Simple zone transfer bash script with $1 being first argument given #Tested against zonetransfer.me #for example ./zonetransfer.sh zonetransfer.me if [ -z "$1" ];then echo "[] Simple Zone Transfer script" echo "[] Usage : $0 " exit 0 fi #if argument was given, identify DNS…
Egor Homakov of Sakurity claims, I’d say proved, that Google’s No Captcha reCaptcha might not be as bot proof as we thought. Due to reCAPTCHA’s reliance on user’s previous behavior (cookies), going incognito brings you to old school Captcha again. Now remember, this is same captcha…
via http://nknetobserver.github.io/ **Some noteworthy points:**- The allocated North Korean network range is 175.45.176.0/22 - 210.52.109.0 – 210.52.109.255 block is assigned to North Korea through Chinese company China Unicom - 77.94.35.0/24 — this block is…
Start with laying out what range of IP addresses you want to scan. I’d suggest keeping it limited to your specific targets. Then run this as root: nmap -sn -v -oG nmapped.txt 192.168.1.201-254 -sn (No port scan) .This option tells Nmap not to do a…
Want to get a bit geekier with your ping sweeps? Python Scapy can be used to create, modify, send, and intercept network packets and any TCP/IP layer. Here is a simple ping sweep script with Python Scapy: !/usr/bin/python from scapy.all import * TIMEOUT = 2 conf.verb = 0…
I’ve started studying for Offensive Security Certified Profession (OSCP) certification also called Penetration Testing with Kali (PWK). This certification claims to give you good grip on penetration testing which includes network and application side of things. When you sign up for 30, 60, or 90 days of labs ($$$) you…
SSL version 3 is still being supported across all platforms. That is , even though this encryption mechanism for the web is 15 years old, almost as old as Windows XP. Google researchers revealed today that SSL 3 might be vulnerable to Man in the Middle (MITM) attacks. Basically, an attacker…
The author would love to hear your comments. Let us discuss at Twitter @hashtaginfosec.