Search the Community

Synopsis: The recent DDoS drama with Dyn has had me reading up on Domain Name Systems (DNS). Time and time again, bad guys have proved that one of the best ways to execute a successful Distributed Denial of Service (DDoS) is to hit DNS servers. As a pentester, name servers do come up a lot during assessments, especially during the reconnaissance phases. We still come across a few public name servers allowing zone transfers every now and then, which is always a treat, but I hardly ever look at DNS servers as an actual target. I still haven’t come across a client that’s actually willing to pay anyone to bring their services down. The DDoS against Dyn was particularly troublesome because Dyn is a major DNS provider and the attacks caused serious outages to a number of popular sites; Twitter, Paypal, Reddit, Github, Spotify and more. Which got me thinking; if I was a bad guy doing my recon, looking for the best name servers to hit, how would I go about it? Which name servers would I pick? Querying a domain for the name server(s) it uses is pretty straight forward, but if the name server was my target and a denial of service was my goal, I’d want to find out the opposite; how many domain names are using the target name server? Source: https://thevivi.net/2016/11/17/dnsnitch-reverse-ns-lookups-zone-transfers/ GitHub Repository: https://github.com/V1V1/DNSnitch Bonus: axfr.py - https://github.com/V1V1/axfr.py (script that takes a list of domains as input and attempts zone transfers on all of them against a specified name server)

Synopsis: RedHunt aims to be a one stop shop for all your threat emulation and threat huning needs by integrating attacker's arsenal as well as defender's toolkit to actively identify the threats in your environment. GitHub Repository: https://github.com/redhuntlabs/RedHunt-OS

Synopsis: As an emerging concept, the industry has yet to settle on a definitive definition of adversarial simulation, but it involves simulating [components of] targeted attacks in order to test both an organization’s instrumentation stacks and their ability to respond to the attack via their incident response process. This differs from Red Teaming in that adversarial simulation is typically a cooperative activity between the simulation runners and the simulation recipients with an end goal of validating defensive telemetry and testing incident response plans and playbooks. Raphael Mudge wrote a great blog post on the subject, which I recommend. Source: https://medium.com/uber-security-privacy/uber-security-metta-open-source-a8a49613b4a GitHub Repository: https://github.com/uber-common/metta