Questions tagged [domain]
The domain tag has no summary.
119 questions
2
votes
0
answers
1k
views
What is this suspicious recurring DNS lookup to gooo...ooooogle.com in my DNS logs? [closed]
I just switched my whole home network (about 100 devices, many IoT) to NextDNS.io. Upon checking the logs I noticed some requests recurring every few minutes to:
www....
- 7,715
1
vote
1
answer
289
views
Can NTLM pass-through authentication be done without NetLogon?
In any "recent" documentation regarding NTLM (Microsoft) I see it stated that the mechanism of pass-through authentication is done over a NetLogon channel, which should be secure. This ...
- 11
0
votes
0
answers
113
views
domain (active directory) machines accessible via web
I recently stumbled across customer machines (windows server) that were part of the customers active directory domain and also had IIS applications accessible for the www.
I only have the vague ...
- 101
0
votes
1
answer
297
views
What is the best way to validate third-party domains calling an API?
Our business is in the payment processing space and one of our core products is a Payment Gateway API. In terms of security we issue an API Key, Signature and RSA Encryption for sensitive information ...
- 103
2
votes
1
answer
194
views
Would a bricks-and-mortar large firm benefit from anonymous domain registration?
Recently, doing "whois" on random large Fortune 500 style bricks-and-mortar companies, I've seen a few use private/"anonymous" registrations.
Normally you see stuff like
Registrant ...
34
votes
4
answers
9k
views
Domain about to expire. Afraid that new owners will spread malware
I have a domain that is about to expire. It was used for hosting my freeware which I do not maintain anymore but can still be found on shareware directories. The application points to my domain (...
- 2,473
1
vote
2
answers
327
views
Country code top-level domain (ccTLD) hijacking?
Imagine a country ruled by a non-democratic government with an explicit disregard to local and international laws. The national registry for local domains (Country code top-level domains) falls under ...
- 11
1
vote
2
answers
313
views
Are there any security reasons against "drop-www" (using example.com instead of www.example.com)?
Are there any security reasons against "drop-www"?
In other words, are there any security reasons against using an apex [1] domain name such as example.com instead of a subdomain such as www....
- 794
2
votes
1
answer
485
views
Amazon Cloudfront trackers, do they mean anything in an investigation?
One way I use to find domains owned by the same people is through tracking codes (Google Analytics and such). Recently I've come across a domain with this tracker code:
d1lxhc4jvstzrp
When I lookup ...
- 33
0
votes
2
answers
294
views
DomainFronting - re-routing and SSL certificats
I'm looking for a specific answer regarding the TLS handshake in a scenario of domain-fronting.
Following hensonsecurity and zscaler blogs I have noticed that a detailed description regarding the re-...
0
votes
1
answer
3k
views
Does alias in a truststore matter?
I was trying to add a new certificate to our truststore. But I got the alias already exists error.
I can't remove the old certificate yet, but I have to add the new certificate.
Will it matter if I ...
- 1
0
votes
1
answer
165
views
How to get my exploit script served on arbitrary subdomain?
Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the ...
- 35.6k
0
votes
1
answer
181
views
Can I escalate a main domain SSTI/RCE to all the subdomains belonging to that domain?
I'm a newbie ethical hacker and bug bounty hunter. Lets, assume my target is somethingtohack.com, the thing is the company's scope defines that the main domain is out of scope, but subdomains like ...
1
vote
0
answers
426
views
Looking for origin/ verification of malicious domain names [closed]
My network sniffer for websites has discovered a number of hosting domains in the report which I can not correctly assign to categories. I don't know if there are providers behind these domains that ...
- 11
0
votes
0
answers
489
views
What are security risks of a domain user accounts with denied interactive logon?
When I create domain user account with denied interactive logon, what are real security risks when hacker gets the password?
http://paulasitblog.blogspot.com/2017/01/deny-interactive-logon-for-service....
