DomainTools DNSDB sensors recorded a massive, sustained spike in deduplicated and validated DNS observables early Christmas morning. Data analysis is forthcoming. But for the moment I'll just remind you that, like CSI Miami, we never close.

I kind of want to write up my #ietf121 experience, but I don't think what I would write will impart the meaning it has to me unless you are me, which most of you are not.

I went there for #DNS reasons. I did not take part in all of the DNS related working groups, because I am at this time most interested in networking and figuring the organization out better. That includes specifically the people involved with DNS, of course, but not exclusively.

Let's focus on DNS first.

I'm glad the BoF...

New regulations set out circumstances in which the Secretary of State can intervene in the running of internet domain registries for UK-related domains

This somewhat lengthy blogpost about The Internet Domain Registry (Prescribed Practices and Prescribed Requirements) Regulations 2024 is probably of most interest to people running domain registries, and domain registrars, for .uk, .scot, .wales, .cymru, and .london.

To be honest, until yesterday, I had no idea that the Secretary of State had these kinds of powers...

https://decoded.legal/blog/2024/10/new-regulations-set-out-circumstances-in-which-the-secretary-of-state-can-intervene-in-the-running-of-internet-domain-registries-for-uk-related-domains

Here is a traffic distribution system (TDS) in action. Fairly often when talking about TDS, I get the rebuttal: when I visited that domain, I only saw parking. Exactly. That's the point. :) A malicious TDS is like a router for malware -- the goal is to bring the best victims to the best malicious offering. And to play dead when it looks like they might be caught, aka look like parking or search ads.

What these images show is the difference between visiting the site tokclix[.]live from a scanner (urlscan) versus from a real Android phone. The former leads you to (sketchy) search arbitrage and the latter is classic scareware. This is what a TDS does.

Found this particular one while researching search arbitrage, so it is fairly random. Started with an old post on BlackHat World, but the domains were all still live. On the screen capture you can see the redirects through the TDS.

The imgur video shows the original click to scareware -- watch the redirects.

#InfobloxThreatIntel #tds #dns #malware #threatintel #cybercrime #cybersecurity #infosec #scam #phishing
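One way to check a suspected TDS for the cloaking described above, as an added example that is not part of the original post: fetch the same URL once with a scanner-like client profile and once with a phone-like profile, record each redirect chain, and flag the case where the two clients land on different hosts. The profile labels, User-Agent strings, hostnames and sample chains are constructed for the example; the live fetcher assumes the `requests` library is installed.

```python
"""Cloaking check for a suspected TDS: fetch one URL with several client
profiles and compare the redirect chains. Fetcher is injectable for offline use."""
from dataclasses import dataclass
from typing import Callable, Dict, List
from urllib.parse import urlsplit

# Client profiles; labels are hypothetical and UA strings are constructed.
PROFILES: Dict[str, Dict[str, str]] = {
    "scanner": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/120"},
    "android": {"User-Agent": "Mozilla/5.0 (Linux; Android 13; Pixel 7) Mobile Safari/537.36",
                "Accept-Language": "en-US,en;q=0.9"},
}
Fetcher = Callable[[str, Dict[str, str]], List[str]]  # (url, headers) -> URLs visited

def fetch_chain_requests(url: str, headers: Dict[str, str]) -> List[str]:
    """Live fetcher via `requests`: every URL visited, entry first, landing page last."""
    import requests
    resp = requests.get(url, headers=headers, timeout=15, allow_redirects=True)
    return [r.url for r in resp.history] + [resp.url]

def host_of(url: str) -> str:
    return urlsplit(url).hostname or ""

@dataclass
class CloakReport:
    chains: Dict[str, List[str]]
    final_hosts: Dict[str, str]
    cloaked: bool         # True when the profiles land on different hosts
    divergence_hop: int   # first hop where scanner and android differ (-1 = never)

def check_cloaking(url: str, fetch: Fetcher = fetch_chain_requests) -> CloakReport:
    chains = {name: fetch(url, hdrs) for name, hdrs in PROFILES.items()}
    finals = {name: host_of(chain[-1]) for name, chain in chains.items()}
    a, b = chains["scanner"], chains["android"]
    hop = next((i for i, (x, y) in enumerate(zip(a, b)) if host_of(x) != host_of(y)),
               -1 if len(a) == len(b) else min(len(a), len(b)))
    return CloakReport(chains, finals, len(set(finals.values())) > 1, hop)

# Constructed offline sample: both clients pass the same TDS hops, then split.
SAMPLE_CHAINS = {
    "scanner": ["http://tds-entry.example/go", "http://hop.example/r", "http://parking.example/"],
    "android": ["http://tds-entry.example/go", "http://hop.example/r", "http://alert.example/scan"],
}

def fake_fetch(url: str, headers: Dict[str, str]) -> List[str]:
    """Offline stand-in for fetch_chain_requests, keyed on the User-Agent."""
    return SAMPLE_CHAINS["android" if "Android" in headers["User-Agent"] else "scanner"]

if __name__ == "__main__":
    print(check_cloaking("http://tds-entry.example/go", fetch=fake_fetch))
```

Pass `fetch=fetch_chain_requests` (the default) to run it against a live URL from an isolated research host; a divergence hop of -1 with matching final hosts means both profiles saw the same destination.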