Under CT, any SSL/TLS certificate that is issued by a Certificate Authority (CA) that participates in CT will be logged to one or more public Certificate Transparency Logs (CTLs). The goal of CT is to make it easier for organizations and users to detect fraudulent or misissued SSL/TLS certificates by providing a publicly accessible log of all issued certificates. Some of the passive DNS enumeration techniques we'll discuss here are:Ĭertificate Transparency (CT) is a Google initiative that was created to improve the security of SSL/TLS certificates by making them publicly available. This data is typically collected automatically, and no interaction is required with the target domain. Passive subdomain enumeration is performed by using publicly available data, such as search engine results, querying DNS records on DNS servers, and so on. There are generally two different approaches to performing subdomain enumeration: either actively or passively. This can be done by querying public DNS servers, or by looking through public records such as the WHOIS database. ![]() Regularly checking your DNS record and your DNS configuration can help! How to perform subdomain enumerationĮnumeration starts from a list of domain names and tries to find hostnames that resolve to IP addresses. Maintaining your DNS records and DNS servers can prevent a lot of risk exposures or potentially devastating attacks on your organization's environment. It is also really helpful to find old, deprecated, and potentially vulnerable applications hosted on subdomains of which no one still knows why they exist or who maintains them.įinally, it can disclose misconfigured DNS entries that can lead to a lot of information leakage, such as internal IP addresses. This can be helpful in organizational security efforts, as it can help identify potential weak points that may need to be addressed. Organizations can use subdomain enumeration for a variety of purposes, such as inventorying their owned domains, or identifying which domains are being used for which purposes. Or they could decide to target a specific domain or multiple subdomains to start their attacks on. Starting from internet-wide scan data or an IP address pool attackers can derive a list of multiple domains that might be interesting to harvest sub domains. Vulnerable subdomains can also be used to launch phishing attacks or other types of social engineering attacks through subdomain takeover attacks. For example, if an organization has a blog hosted at, and the blog software is not kept up to date, an attacker may be able to exploit it and gain access to the main domain.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |