Search results for tag #dns
🔍 Inside the Tech: New Talk Added to BSides Luxembourg
🌐📡 𝗧𝗛𝗘 𝗙𝗢𝗥𝗚𝗢𝗧𝗧𝗘𝗡 𝗙𝗜𝗡𝗚𝗘𝗥𝗣𝗥𝗜𝗡𝗧: 𝗗𝗡𝗦 𝗕𝗔𝗦𝗘𝗗 𝗢𝗦𝗜𝗡𝗧 𝗧𝗘𝗖𝗛𝗡𝗜𝗤𝗨𝗘𝗦 𝗙𝗢𝗥 𝗣𝗥𝗢𝗗𝗨𝗖𝗧 & 𝗦𝗘𝗥𝗩𝗜𝗖𝗘 𝗗𝗜𝗦𝗖𝗢𝗩𝗘𝗥𝗬 – Rishi ( @rxerium )
⚡ Reveal hidden infrastructure in a Talk (40 min) using DNS TXT records to map technologies, dependencies, and external services at scale.
DNS is often treated as infrastructure plumbing, but TXT records quietly expose far more than most defenders realize. This session introduces a DNS-based OSINT methodology that leverages large-scale TXT record analysis to uncover embedded service dependencies such as cloud platforms, SaaS integrations, and identity providers.
By programmatically scanning DNS zones and integrating the technique into tools like Nuclei and OWASP Amass, this approach enables security teams to build detailed maps of organizational technology stacks and attack surfaces. A real-world case study from the Salesloft breach demonstrates how these signals translate into actionable intelligence for both offensive and defensive use cases.
Rishi ( @rxerium ) is a London-based security researcher focused on vulnerability research, threat intelligence, and OSINT-driven attack surface discovery. He contributes to open-source security tooling, supports the UK OSINT community, and focuses on building scalable reconnaissance and detection methodologies.
📅 Conference Dates: 6–8 May 2026 | 09:00–18:00
📍 14, Porte de France, Esch-sur-Alzette, Luxembourg
🎟️ Tickets: https://2026.bsides.lu/tickets/
📅 Schedule Link: https://pretalx.com/bsidesluxembourg-2026/schedule/
📲 View full schedule & build your agenda: https://hackertracker.app/schedule?conf=BSIDESLUX2026
#BSidesLuxembourg2026 #OSINT #DNS #AttackSurface #ThreatIntelligence #CyberSecurity
“Did you know that Bluesky is the secret Tenth Realm?” Thus spake the #NorseSquirrelGod during a #DNS attack of Bluesky.
Alt...
A black squirrel wearing an emoji-style “viking” style horned helmet and holding a squirrel-sized sword says “Who dares deny service to ME, the mighty Norse Squirrel God, on Bluesky?”
CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace
Three days after disclosure of a critical pre-authorization remote code execution vulnerability in the marimo Python notebook platform, multiple threat actors deployed malware hosted on HuggingFace Spaces. A previously undocumented NKAbuse variant was delivered through a typosquatted HuggingFace Space, utilizing NKN blockchain for command and control. Between April 11-14, 2026, eleven unique source IPs across ten countries generated 662 exploit events. Attack patterns included reverse shell campaigns, credential extraction targeting AWS keys and API tokens, DNS exfiltration, and lateral movement to PostgreSQL and Redis databases via leaked credentials. The malware binary was disguised as a legitimate Kubernetes tool named kagent and implemented persistence through systemd services, crontab entries, and macOS LaunchAgents. This operation demonstrates threat actors specifically targeting AI/ML infrastructure and leveraging trusted platforms for malware distribution.
Pulse ID: 69e09f9d80e986921250a6f3
Pulse Link: https://otx.alienvault.com/pulse/69e09f9d80e986921250a6f3
Pulse Author: AlienVault
Created: 2026-04-16 08:36:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #BlockChain #CyberSecurity #DNS #InfoSec #Mac #MacOS #Malware #NKAbuse #OTX #OpenThreatExchange #PostgreSQL #Python #RAT #RCE #Redis #RemoteCodeExecution #Rust #SQL #Vulnerability #bot #botnet #AlienVault
Вчера вечером "вспомнил старое" и повозился с BIND. Решил DNS сервер для своих доменов поменять. До этого мучил CoreDNS. Из минусов только то, что на одном сервере FreeBSD, а на другом Linux и поэтому с раскаткой чуть больше вопросов было. Зато вспомнил как отрубить рекурсию "для всех кроме", настроить лимиты (чтобы из меня спамера не сделали) и т.д. За сутки лог набежал, проанализировал... Вроде всё ок. :) Приятно, что не потерял навык!
How to Protect Against Phishy Top-level Domains
Blocklisting a domain name or hyperlink (URL) is a common and effective way to avoid becoming a victim of a phishing attack. Phishers and other cyber adversaries often single out specific Top-Level Domains when they register domains for their cyberattacks. And they do so repeatedly! Sometimes they register domains in one TLD at such an enormous scale that blocklisting domains or URLs individually is not enough to mitigate the attack, and more drastic action may effectively reduce risk.
Today, we’ll explain how use filtering offered by a public, open resolver to reduce your risk to avoid phishy TLDs.
https://interisle.substack.com/p/how-to-protect-against-phishy-top
#phishing #cybercrime #dns #blocklist
Alt...
a screen capture of the OpenDNS open resolver
Весь мой вчерашний и позавчерашний день, в борьбе с Unbound , DNS-over-TLS , #letsencrypt, AppArmor и, естественно , Linux.
Alt...
#unbound опять не запускается
Alt...
#AppArmor мешает #unbound читать сертификаты #letsencrypt