1. DNS/floating_domains

DNS/lame_delegation DNS/Domain hijacking

1.1. Observations

Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System


1.2. Subdomain Takeover

Subdomain Takeover: Going beyond CNAME https://0xpatrik.com/subdomain-takeover-ns/

1.3. Route53 Set Up


1.4. From Twitter



This means that once you add your own domain to a DigitalOcean account and later delete it, if you leave the name servers unchanged, a third party can add that domain to their own account. 20:01 - January 26, 2019
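A defender-side check for the condition described above, as an added example that is not part of the original page or the quoted tweet: it asks each delegated name server for the zone's SOA record and flags any server that no longer answers authoritatively, which is the lame-delegation state that leaves a domain floating. The zone name, the IP addresses (documentation range) and the function names are assumptions made for illustration.

```python
import socket
import struct

TXID = 0x1234  # fixed query ID, fine for a one-off audit script

def build_soa_query(zone):
    """Non-recursive (RD=0) SOA query for the zone apex."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(resp):
    """'authoritative' only for a NOERROR answer with the AA bit set."""
    if len(resp) < 12:
        return "lame"
    txid, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    is_reply = txid == TXID and flags & 0x8000
    aa, rcode = flags & 0x0400, flags & 0x000F
    if is_reply and aa and rcode == 0 and ancount > 0:
        return "authoritative"
    return "lame"  # REFUSED, SERVFAIL, referral or junk: zone is not hosted here

def udp_send(ip, query, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (ip, 53))
        return s.recvfrom(4096)[0]

def find_lame_nameservers(zone, ns_ips, send=udp_send):
    """Return [(ip, status)] for delegated servers that do not serve the zone."""
    query = build_soa_query(zone)
    findings = []
    for ip in ns_ips:
        try:
            status = classify_response(send(ip, query))
        except OSError:  # timeout or network error
            status = "unreachable"
        if status != "authoritative":
            findings.append((ip, status))
    return findings

if __name__ == "__main__":
    # Constructed replies: 192.0.2.1 serves the zone, 192.0.2.2 answers REFUSED.
    q = build_soa_query("example.com")
    ok = struct.pack("!HHHHHH", TXID, 0x8400, 1, 1, 0, 0) + q[12:]
    refused = struct.pack("!HHHHHH", TXID, 0x8005, 1, 0, 0, 0) + q[12:]
    fake = {"192.0.2.1": ok, "192.0.2.2": refused}
    print(find_lame_nameservers("example.com", list(fake), lambda ip, _q: fake[ip]))
```

An authoritative answer only shows that some account at the provider hosts the zone, so compare the returned records with your own as well; the durable fix is to change the registrar's NS records before or when the zone is deleted from the provider.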

1.5. Brian Krebs


Breaking, exclusive: bomb threat, sextortion spammers abused weakness at GoDaddy that led to hijacking of 5,000+ domains from some of the world's most recognizable companies


11:46 - January 23, 2019

experts warn this same weakness that let spammers hijack domains tied to GoDaddy also affects a great many other major Internet service providers


“A lot of the providers are of the opinion that it’s down to a user mistake and not a vulnerability they should have to fix”

1.6. It's Maddening.


Ahhh *screaming*. Worst part is the relative simplicity of this jack (Vulnerable target, motivated offender, lack of active guardians) & the built in *reputational bypass MO* & how long we've known a/b this & how many providers *still do not see* the need to fix. It's Maddening.

3:57 - January 24, 2019

Moin2Qmail: DNS/floating_domains (last edited 2020-09-24 00:11:02 by ToshinoriMaeno)