What's in a name?

A @textfiles attempt at gathering all of the world's DNS
Intro

TEAM
Not quite this cool... maybe...
Black Box Testing
Starts like this right?
CompanyX
Go...
Step 1: ARIN's REST Web Services
Whois Black Magic

whois -h whois.arin.net "> ! COMPANY"

Microsoft (C00006676) DIRECP-NET1-206-71-11 (NET-206-71-119-0-1) 206.71.119.0 - 206.71.119.255
Microsoft (C00006677) DIRECP-NET1-118 (NET-206-71-118-0-1) 206.71.118.0 - 206.71.118.255
Microsoft (C00006678) DIRECP-NET1-117 (NET-206-71-117-0-1) 206.71.117.0 - 206.71.117.255
Microsoft (C00061532) UUHIL-BLK1-C155-112 (NET-209-154-155-112-1) 209.154.155.112 - 209.154.155.119
Microsoft (C00168056) SBCIS-101411-164355 (NET-65-68-62-152-1) 65.68.62.152 - 65.68.62.159
MICROSOFT (C00313928) SBC067039208168020503 (NET-67-39-208-168-1) 67.39.208.168 - 67.39.208.175
Microsoft (C00330795) () -
Microsoft (C00446770) SBC066136085192030113 (NET-66-136-85-192-1) 66.136.85.192 - 66.136.85.199
MICROSOFT (C00458472) MFN-T280-64-124-184-72-29 (NET-64-124-184-72-1) 64.124.184.72 - 64.124.184.79
MICROSOFT (C00459322) () -
Microsoft (C00637972) CW-204-71-191-0 (NET-204-71-191-0-1) 204.71.191.0 - 204.71.191.255
Microsoft (C01563731) CVNET-454AA20 (NET-69-74-162-0-1) 69.74.162.0 - 69.74.162.255
Microsoft (C01647285) UU-65-221-5 (NET-65-221-5-0-1) 65.221.5.0 - 65.221.5.255
Microsoft (C01793454) MICROSOFT (NET-74-93-205-144-1) 74.93.205.144 - 74.93.205.151
Microsoft (C01793455) MICROSOFT (NET-74-93-205-152-1) 74.93.205.152 - 74.93.205.159
Microsoft (C01793456) MICROSOFT (NET-74-93-206-64-1) 74.93.206.64 - 74.93.206.71
Microsoft (C01807326) MICROSOFT (NET-70-89-139-120-1) 70.89.139.120 - 70.89.139.127
Microsoft (C02008777) RSPC-1218167167199384 (NET-67-192-225-208-1) 67.192.225.208 - 67.192.225.223
Microsoft (C02312189) OW-3236-1 (NET-206-72-124-64-1) 206.72.124.64 - 206.72.124.95
Microsoft (C02313555) OW-4867-1 (NET-206-72-120-248-1) 206.72.120.248 - 206.72.120.255
Microsoft (C02313803) OW-4469-1 (NET-206-72-120-104-1) 206.72.120.104 - 206.72.120.111
Microsoft (C02499241) MICROSOFT (NET-64-119-153-72-1) 64.119.153.72 - 64.119.153.79
Microsoft (C02499329) MICROSOFT (NET-64-119-130-112-1) 64.119.130.112 - 64.119.130.119
Microsoft (C02499544) MICROSOFT (NET-64-119-153-80-1) 64.119.153.80 - 64.119.153.87
MICROSOFT (C02570623) MCRS-68-188-29-64 (NET-68-188-29-64-1) 68.188.29.64 - 68.188.29.127
Microsoft (C02580886) RACKS-8-1283476925266189 (NET-184-106-14-208-1) 184.106.14.208 - 184.106.14.215
Microsoft (C02597593) MICROSOFT (NET-66-228-68-96-1) 66.228.68.96 - 66.228.68.111
Microsoft (C02597706) () -
Microsoft (C02599338) RACKS-8-1286223485308418 (NET-184-106-32-152-1) 184.106.32.152 - 184.106.32.159
Microsoft (C02654382) () -
Microsoft (C02677592) MICROSOFT (NET-64-119-136-168-1) 64.119.136.168 - 64.119.136.175
Microsoft (C02718410) MICROSOFT (NET-64-119-136-240-1) 64.119.136.240 - 64.119.136.255
Microsoft (C02768521) MICROSOFT (NET-66-228-80-160-1) 66.228.80.160 - 66.228.80.191
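A parser for output of this shape, added here as an example and not the deck's own tooling: it pulls each customer reassignment line apart, turns the start - end ranges into CIDR blocks and merges neighbouring ones, which is the same inventory step a network owner takes when reconciling what ARIN lists against what they actually route. The sample lines are a constructed subset in the format shown above; the regex and the NetRecord field names are this example's own.

```python
import ipaddress
import re
from typing import List, NamedTuple

# Constructed sample: customer reassignment lines in the shape ARIN's whois
# prints them, one record per line. Entries with no network data ("() -")
# occur in real output and must be tolerated.
SAMPLE_WHOIS = """\
Microsoft (C00006676) DIRECP-NET1-206-71-11 (NET-206-71-119-0-1) 206.71.119.0 - 206.71.119.255
Microsoft (C00006677) DIRECP-NET1-118 (NET-206-71-118-0-1) 206.71.118.0 - 206.71.118.255
Microsoft (C00330795) () -
Microsoft (C01793454) MICROSOFT (NET-74-93-205-144-1) 74.93.205.144 - 74.93.205.151
Microsoft (C01793455) MICROSOFT (NET-74-93-205-152-1) 74.93.205.152 - 74.93.205.159
"""


class NetRecord(NamedTuple):
    org: str
    customer_handle: str
    net_name: str
    net_handle: str
    start: ipaddress.IPv4Address
    end: ipaddress.IPv4Address


# "<org> (<C-handle>) <net name> (<NET-handle>) <start> - <end>"
_RECORD_RE = re.compile(
    r"^(?P<org>.+?) \((?P<chandle>C\d+)\) (?P<netname>\S+) "
    r"\((?P<nethandle>NET-[\w-]+)\) "
    r"(?P<start>\d{1,3}(?:\.\d{1,3}){3}) - (?P<end>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_whois(text: str) -> List[NetRecord]:
    """Parse reassignment lines; entries without a network are skipped."""
    records = []
    for line in text.splitlines():
        m = _RECORD_RE.match(line.strip())
        if m is None:
            continue
        records.append(NetRecord(
            m["org"], m["chandle"], m["netname"], m["nethandle"],
            ipaddress.IPv4Address(m["start"]), ipaddress.IPv4Address(m["end"]),
        ))
    return records


def to_cidrs(records: List[NetRecord]) -> List[ipaddress.IPv4Network]:
    """Express each start-end range as CIDR blocks, then merge neighbours
    (two adjacent /29s become one /28) for a minimal, sorted netblock list."""
    nets = []
    for r in records:
        nets.extend(ipaddress.summarize_address_range(r.start, r.end))
    return list(ipaddress.collapse_addresses(nets))


def address_count(cidrs: List[ipaddress.IPv4Network]) -> int:
    return sum(n.num_addresses for n in cidrs)


if __name__ == "__main__":
    recs = parse_whois(SAMPLE_WHOIS)
    for net in to_cidrs(recs):
        print(net)
    print(address_count(to_cidrs(recs)), "addresses in", len(recs), "records")
```

On the sample the two /24s collapse to 206.71.118.0/23 and the two /29s to 74.93.205.144/28: 528 addresses in four usable records, with the empty "() -" entry dropped.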
ShoNuff! By Jason Ross
Step 2: Listen to this guy

OSINT
Step 3: Bounce!
Step 4:

DNS brute force and hope that GW.COMPANYX.COM exists
But the best way...

but...
Problems:

•  Very small percentage of companies OWN IP space
•  You rarely get Internal IP space from OSINT
•  Getting more rare to see companies host their own EMAIL gateway
TL;DR

or TL;Want-To-Party
PTR Records

IN-ADDR.ARPA

AKA.. the bastard child of DNS everyone forgets about
Why?
Only 4.294 billion addresses...
Bash + Dig = 1 request per second (.5 msec + proc time)

NMAP w/ just DNS resolution = 2 seconds per /24

IF everyone's servers were as fast as Google's
didn't want to be old by the time it finished
MassResolve: ~3000 requests per second

=

mubix@research:~ time massresolve IPv4.txt

real    262974m1.855s
user    394461m0.007s
sys     3x262974m0
Quick tangent...

•  Is there a parent here that doesn't wish this was true?
But people don't like it when you DoS their DNS servers
but it's not malicious...
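The arithmetic behind these slides, plus the reverse-name construction and a per-server throttle, as an added example (not from the deck and not MassResolve's code): reverse_name builds the in-addr.arpa / ip6.arpa owner name a PTR query asks for, budget_table shows why one query per second never finishes and ~3000 per second does, and TokenBucket is the per-destination rate limit a bulk resolver needs so a sweep of someone's reverse zone does not become the DoS the slide above mentions. The rate and burst values, and the ManualClock used to demonstrate it offline, are constructed for the example.

```python
import ipaddress
import time


def reverse_name(addr: str) -> str:
    """Owner name of the PTR record for addr: octets reversed under
    in-addr.arpa. for IPv4, hex nibbles reversed under ip6.arpa. for IPv6."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")  # 32 hex digits, leading zeros kept
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


IPV4_ADDRESSES = 2 ** 32          # the "4.294 billion" on the slide
SECONDS_PER_DAY = 86400.0
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def sweep_seconds(addresses: int, queries_per_second: float) -> float:
    """Wall time for one PTR query per address at a fixed query rate."""
    return addresses / queries_per_second


def per_block_seconds(addresses: int, seconds_per_slash24: float) -> float:
    """Wall time when the tool works a /24 (256 addresses) at a time."""
    return (addresses / 256) * seconds_per_slash24


def budget_table() -> dict:
    """Time to sweep all of IPv4 at the three rates the deck quotes."""
    return {
        "bash+dig, 1 q/s (years)": sweep_seconds(IPV4_ADDRESSES, 1) / SECONDS_PER_YEAR,
        "nmap, 2 s per /24 (days)": per_block_seconds(IPV4_ADDRESSES, 2) / SECONDS_PER_DAY,
        "massresolve, 3000 q/s (days)": sweep_seconds(IPV4_ADDRESSES, 3000) / SECONDS_PER_DAY,
    }


class ManualClock:
    """Clock the caller advances by hand, so the limiter can be exercised
    without sleeping (constructed for the example)."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


class TokenBucket:
    """Per-destination limiter: sustained `rate` queries/s, bursts up to
    `burst`. Keep one per authoritative server so a fast resolver never
    sends more to a single target than its operator would accept."""

    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.tokens = float(burst)
        self.last = clock()

    def try_acquire(self) -> bool:
        """True if a query may be sent now; False means back off."""
        now = self.clock()
        self.tokens = min(float(self.burst), self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


if __name__ == "__main__":
    print(reverse_name("192.0.2.1"), reverse_name("2001:db8::1"))
    for label, value in budget_table().items():
        print(f"{label}: {value:.1f}")
    clock = ManualClock()
    bucket = TokenBucket(rate=10, burst=2, clock=clock)
    print([bucket.try_acquire() for _ in range(3)])  # burst of 2, then refused
```

At one query per second the full IPv4 sweep takes about 136 years, the 2 s per /24 figure works out to about 388 days, and ~3000 queries per second brings it down to roughly 16.6 days, which is why the slide calls the first two hopeless.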
a bunch of text files...

40 GBs of text files

Most commands don't like receiving 30,000+ text files in STDIN

I broke grep...

xargs -I mutex FTW

668,246,000 - Initial DB load
REALLY SLOW TO SEARCH...

we'll come back to this...
So I bought one of these...
from
and someone forgot to format it...
now what?
Continuing the addiction
there's more?!!!
There are 66 types

but over 200 in use that I've found
what's the fastest way to get them?
Zone Transfer

kickin it like it's 1999
What is a Zone?
MICROSOFT IS WRONG
MICROSOFT IS WRONG

ok...well somewhat wrong
What is a Zone?

these are zones
HD Moore: It's 2012 and you can still perform zone transfers from 65 of 312 TLDs, including ORG, INFO, PRO, and XXX (zones: http://t.co/rwFQbzjw )
What is a Zone?

this is also a zone
B, C, F, G, and K

Why? I don't know...
but...

•  COM, NET failed to transfer their zones
learning when to quit...
What is a Zone?
What other sources?
Alexa Top “One Million” Domains
908584: 0: Testing AXFR on ns899.hostgator.com. for lancasterpuppies.com - Output: 4
908584: 1: Testing AXFR on ns900.hostgator.com. for lancasterpuppies.com - Output: 4
908585: 0: Testing AXFR on ns1.webserver.at. for promi.at - Output: 16
908585: 1: Testing AXFR on ns2.webserver.at. for promi.at - Output: 16
908586: 0: Testing AXFR on ns2.bluehost.com. for eveliux.com - Output: 41
908586: 1: Testing AXFR on ns1.bluehost.com. for eveliux.com - Output: 41
908587: 0: Testing AXFR on ns2.hongkonghosting.com.hk. for godiva.com.hk - Output: 4
908587: 1: Testing AXFR on ns1.hongkonghosting.com.hk. for godiva.com.hk - Output: 4
908588: 0: Testing AXFR on ns01.businesscatalyst.com. for willcuttguitars.com - Output: 4
NS2 FTW!!
21 and 22
Making OSINT easy...

•  xxx.xxx.net.                  38400  IN  HINFO  "intel" "linux"
•  _xmpp-server._tcp.im.xx.net.  86400  IN  SRV    5 0 5269 im.xx.net.
•  admin.xx.net.                 86400  IN  SSHFP  1 1 493E20AA602AA0844823DD5CDF4F4A013B61FACD
•  xx.xx.ru.                     10800  IN  HINFO  "SCSI/Pentium/133" "BSDI3.1"
•  admin.xx.k12.xx.us.           86400  IN  HINFO  "PC" "MS-WINDOWS-98"
•  www.xx.net.                   86400  IN  HINFO  "NonAlpha" "NetBSD"
TXT records

are not your password manager

xxxx.xxx.net.  86400  IN  TXT  "ssh: F8nn2009#@ppyf33t"
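An audit pass over records like the ones on the last two slides, added as an example and not code from the talk: it parses presentation-format resource records and flags the ones that tell the world more than a zone needs to (HINFO, SSHFP, SRV, and TXT values that look like a stored credential), while letting the TXT uses that are supposed to be public (SPF, DKIM, DMARC, site verification) through. The sample records are constructed on the pattern of the redacted ones above and the TXT "password" is made up; the credential regex is this example's heuristic, not a standard.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample zone data in presentation format (owner TTL class type rdata),
# modelled on the redacted records in the deck. The TXT "password" is made up.
SAMPLE_RECORDS = """\
xxx.xxx.net.                 38400 IN HINFO "intel" "linux"
_xmpp-server._tcp.im.xx.net. 86400 IN SRV   5 0 5269 im.xx.net.
admin.xx.net.                86400 IN SSHFP 1 1 493E20AA602AA0844823DD5CDF4F4A013B61FACD
admin.xx.k12.xx.us.          86400 IN HINFO "PC" "MS-WINDOWS-98"
www.xx.net.                  86400 IN A     192.0.2.10
xxxx.xxx.net.                86400 IN TXT   "ssh: Example-Passw0rd!"
xx.net.                      3600  IN TXT   "v=spf1 mx -all"
"""


@dataclass
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


_RR_RE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>[A-Z0-9]+)\s+(?P<rdata>.+)$")


def parse_records(text: str) -> List[RR]:
    """One RR per non-empty line; anything that does not fit the shape is ignored."""
    out = []
    for line in text.splitlines():
        m = _RR_RE.match(line.strip())
        if m:
            out.append(RR(m["name"], int(m["ttl"]), m["type"], m["rdata"].strip()))
    return out


# Heuristic for TXT values that carry a secret: "ssh: ...", "password=...",
# "user: ...". A starting point for reviewing your own zone, not a standard.
_CRED_RE = re.compile(r"(?i)\b(ssh|pass(?:word)?|passwd|pwd|login|user(?:name)?|secret|token)\b\s*[:=]")
# TXT uses that are meant to be public and must not be reported.
_KNOWN_TXT_PREFIXES = ("v=spf1", "v=DKIM1", "v=DMARC1", "google-site-verification=")


def finding(rr: RR) -> Optional[str]:
    """Why this record deserves a look, or None if it is unremarkable."""
    if rr.rtype == "HINFO":
        return "HINFO advertises hardware/OS: " + rr.rdata
    if rr.rtype == "SSHFP":
        return "SSHFP marks an SSH host; confirm it is meant to be public"
    if rr.rtype == "SRV":
        return "SRV exposes a service and port: " + rr.rdata
    if rr.rtype == "TXT":
        value = rr.rdata.strip('"')
        if value.startswith(_KNOWN_TXT_PREFIXES):
            return None
        if _CRED_RE.search(value):
            return "TXT looks like a stored credential; DNS is public, rotate it"
    return None


def audit(text: str) -> List[Tuple[str, str, str]]:
    """(owner, type, reason) for every record flagged by finding()."""
    results = []
    for rr in parse_records(text):
        reason = finding(rr)
        if reason is not None:
            results.append((rr.name, rr.rtype, reason))
    return results


if __name__ == "__main__":
    for owner, rtype, reason in audit(SAMPLE_RECORDS):
        print(f"{owner:30} {rtype:6} {reason}")
```

Run it over a zone dumped from your own primary (or from a passive-DNS export of your names) and the A record and the SPF TXT pass while the five disclosure records come back with a reason each.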
same problem

lots of text files -> database

=

slow searching

and how do you put 200+ DNS types into a database?
Becoming a DBA
TEAM

not telling you the back-end... at least on camera
What would you search for?
there's more?!!!
DNS Sources

•  Alexa
•  Zone Transfers
•  Brute forcing with an actively updated list of the Top 50,000 sub zones
•  MassResolve
•  My wife's DNS traffic
•  Other online resources
•  You! If you want to submit a DNS log for your company GREAT! ;-) or a ZT, or just want me to update a domain, I accept it all.
9109 sites in database
Parsing

•  New NS records go to ZT and Domain brute forcer
•  New A records go to PTR and Type brute forcer
•  New PTR records attempt to resolve forward and break down into zones, then go to respective parsers
•  New other records go to Type brute forcer
•  Anything older than 6 months gets rechecked
•  MOR PARSERS!!
•  you see where this is going.....
•  New input gets checked against DB; new records get ADDED, they don't replace, so historical data will stay with date/time stamps
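The append-only store and per-type routing this slide describes, as an added example (not the deck's back end, which the author does not reveal): a (name, type, rdata) triple is inserted once with first/last-seen dates, a changed answer is added beside the old one rather than replacing it, a brand-new record is queued for the follow-up workers listed above, and anything not seen for six months is reported for recheck. The queue names, the ISO date strings and the sample records are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Tuple

Key = Tuple[str, str, str]  # (owner name, type, rdata)


@dataclass
class Seen:
    first_seen: str  # ISO dates, constructed for the example
    last_seen: str


class DnsHistory:
    """Append-only store: a (name, type, rdata) triple is keyed once and
    carries first/last-seen dates. A changed answer is added next to the old
    one rather than replacing it, so what a name used to point at survives."""

    def __init__(self) -> None:
        self.records: Dict[Key, Seen] = {}
        # Work queues for the follow-up parsers; names are constructed here.
        self.queues: Dict[str, List[Key]] = defaultdict(list)

    @staticmethod
    def _key(name: str, rtype: str, rdata: str) -> Key:
        return (name.lower().rstrip("."), rtype.upper(), rdata)

    def observe(self, name: str, rtype: str, rdata: str, seen_on: str) -> bool:
        """Record one observation. Returns True if the triple was new."""
        key = self._key(name, rtype, rdata)
        seen = self.records.get(key)
        if seen is not None:
            seen.last_seen = max(seen.last_seen, seen_on)  # known answer: bump, never replace
            return False
        self.records[key] = Seen(seen_on, seen_on)
        self._route(key)
        return True

    def _route(self, key: Key) -> None:
        """Hand a brand-new record to the workers the deck lists per type."""
        _, rtype, _ = key
        if rtype == "NS":
            self.queues["zone_transfer"].append(key)
            self.queues["domain_bruteforce"].append(key)
        elif rtype == "A":
            self.queues["ptr_lookup"].append(key)
            self.queues["type_bruteforce"].append(key)
        elif rtype == "PTR":
            self.queues["forward_resolve"].append(key)
        else:
            self.queues["type_bruteforce"].append(key)

    def history(self, name: str, rtype: str) -> List[Tuple[str, Seen]]:
        """Every rdata ever seen for name/type, oldest first."""
        n, t = name.lower().rstrip("."), rtype.upper()
        rows = [(k[2], v) for k, v in self.records.items() if k[0] == n and k[1] == t]
        return sorted(rows, key=lambda row: row[1].first_seen)

    def stale(self, today: str, max_age_days: int = 180) -> List[Key]:
        """Triples not seen for max_age_days (the deck's six months): recheck these."""
        cutoff = date.fromisoformat(today) - timedelta(days=max_age_days)
        return [k for k, v in self.records.items()
                if date.fromisoformat(v.last_seen) < cutoff]


if __name__ == "__main__":
    h = DnsHistory()
    h.observe("www.example.com", "A", "192.0.2.1", "2011-01-10")
    h.observe("www.example.com", "A", "192.0.2.2", "2011-09-01")
    for rdata, seen in h.history("www.example.com", "A"):
        print(rdata, seen.first_seen, seen.last_seen)
    print("recheck:", h.stale("2011-10-01"))
```

The point of keying on the full triple is the "historical" claim on the slide: when www moves to a new address the old row keeps its dates, so a later query still shows where the name pointed before.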
DNS traffic...

•  In September of 2011, DNS traffic surpassed my family's TOTAL other bandwidth per month...
How is this different from Shodan?

•  Results aren't based on open ports
•  I'm not going to monetize it, I'm doing it for my use, but since it needs to be available everywhere so I can use it, so can you ;-)
•  And I'll give you the code to do it yourself if you want to... although...
there's more?!!!
Why is this useful?

•  Because now I have one place to get as much data as I can on a target in regards to DNS (including historical) and I never have to touch one of their servers
and here it is...

https://www.deepmagic.com/

$record_type

remember the (s), I usually have mean stuff on 80

"everything" search is cludgy right now

I am not a web coder

•  Free to use, and always will be (PERIOD)
•  That means I make no money on it
•  Logs last for 24 hours
   •  so I can catch issues, then they go to /dev/null
•  And those will never be released to anyone as long as I can help it, and if that does happen I will just pull it down
Next steps...

•  Integration with Sho-nuff
•  Idea? Ways to make it better?
•  DARPA Security Fast Track?
How'd I do Jason?
Questions?

•  Rob Fuller
•  @mubix
•  mubix@hak5.org

 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 

A @textfiles approach to gathering the world's DNS

  • 1. What's in a name? A @textfiles attempt at gathering all of the world's DNS
  • 2. Intro TEAM
  • 3. Not quite this cool...
  • 7. CompanyX Go...
  • 10. ARIN’s REST Web Services
  • 11. Whois Black Magic whois -h whois.arin.net > ! COMPANY
  • 13. Step 2: Listen to this guy OSINT
  • 15. Step 4: DNS brute force and hope that GW.COMPANYX.COM exists
  • 16. But the best way... but...
  • 17. Problems:
    •  Very small percentage of companies OWN IP space
    •  You rarely get Internal IP space from OSINT
    •  Getting more rare to see companies host their own EMAIL gateway
  • 20. PTR Records: IN-ADDR.ARPA, AKA the bastard child of DNS everyone forgets about
  • 21. Why?
  • 25. Only 4.294 Billion addresses...
  • 26. Bash + Dig = 1 request per second (.5 msec + proc time)
    •  NMAP w/ just DNS resolution = 2 seconds per /24
    •  IF everyone's servers were as fast as Google's
  • 27. didn't want to be old by the time it finished
  • 29. MassResolve: ~3000 requests per second
    mubix@research:~$ time massresolve IPv4.txt
    real 262974m1.855s
    user 394461m0.007s
    sys 3x262974m0
  • 30. Quick tangent...
    •  Is there a parent here that doesn't wish this was true?
  • 31. But people don't like it when you DoS their DNS servers
  • 32. but it's not malicious...
  • 33. a bunch of text files...
    •  40 GBs of text files
    •  Most commands don't like receiving 30,000+ text files in STDIN
    •  I broke grep... xargs -I mutex FTW
    •  668,246,000 - Initial DB load
  • 34. REALLY SLOW TO SEARCH... we’ll come back to this...
  • 35. So I bought one of these...
  • 36. from
  • 37. and someone forgot to format it...
  • 39. Continuing the addiction
  • 42. There are 66 types but over 200 in use that I've found
  • 43. what's the fastest way to get them?
  • 44. Zone Transfer: kickin' it like it's 1999
  • 45. What is a Zone?
  • 47. MICROSOFT IS WRONG
  • 48. MICROSOFT IS WRONG ok...well somewhat wrong
  • 49. What is a Zone? these are zones
  • 50. HD Moore: It's 2012 and you can still perform zone transfers from 65 of 312 TLDs, including ORG, INFO, PRO, and XXX (zones: http://t.co/rwFQbzjw )
  • 51. What is a Zone? this is also a zone
  • 53. B, C, F, G, and K. Why? I don't know...
  • 55. but... •  COM, NET failed to transfer their zones
  • 56. learning when to quit...
  • 57. What is a Zone?
  • 59. Alexa Top “One Million” Domains
  • 60. 908584: 0: Testing AXFR on ns899.hostgator.com. for lancasterpuppies.com - Output: 4
    908584: 1: Testing AXFR on ns900.hostgator.com. for lancasterpuppies.com - Output: 4
    908585: 0: Testing AXFR on ns1.webserver.at. for promi.at - Output: 16
    908585: 1: Testing AXFR on ns2.webserver.at. for promi.at - Output: 16
    908586: 0: Testing AXFR on ns2.bluehost.com. for eveliux.com - Output: 41
    908586: 1: Testing AXFR on ns1.bluehost.com. for eveliux.com - Output: 41
    908587: 0: Testing AXFR on ns2.hongkonghosting.com.hk. for godiva.com.hk - Output: 4
    908587: 1: Testing AXFR on ns1.hongkonghosting.com.hk. for godiva.com.hk - Output: 4
    908588: 0: Testing AXFR on ns01.businesscatalyst.com. for willcuttguitars.com - Output: 4
  • 65. Making OSINT easy...
    •  xxx.xxx.net. 38400 IN HINFO "intel" "linux"
    •  _xmpp-server._tcp.im.xx.net. 86400 IN SRV 5 0 5269 im.xx.net.
    •  admin.xx.net. 86400 IN SSHFP 1 1 493E20AA602AA0844823DD5CDF4F4A013B61FACD
    •  xx.xx.ru. 10800 IN HINFO "SCSI/Pentium/133" "BSDI3.1"
    •  admin.xx.k12.xx.us. 86400 IN HINFO "PC" "MS-WINDOWS-98"
    •  www.xx.net. 86400 IN HINFO "NonAlpha" "NetBSD"
  • 68. TXT records are not your password manager
    xxxx.xxx.net. 86400 IN TXT "ssh: F8nn2009#@ppyf33t"
  • 69. same problem lots of text files -> database = slow searching and how do you put 200+ DNS types into a database?
  • 71. TEAM not telling you the back-end... at least on camera
  • 72. What would you search for?
  • 74. DNS
  • 75. Sources
    •  Alexa
    •  Zone Transfers
    •  Brute forcing with an actively updated list of the Top 50,000 sub zones
    •  MassResolve
    •  My wife's DNS traffic
    •  Other online resources
    •  You! If you want to submit a DNS log for your company GREAT! ;-) or a ZT, or just want me to update a domain, I accept it all.
  • 76. 9109 sites in database
  • 78. Parsing
    •  New NS records go to ZT and Domain brute forcer
    •  New A records go to PTR and Type brute forcer
    •  New PTR records attempt to resolve forward and break down into zones, then go to respective parsers
    •  New other records go to Type Brute forcer
    •  Anything older than 6 months gets rechecked
    •  MOR PARSERS!!
    •  you see where this is going.....
    •  New input gets checked against DB, new records get ADDED, they don't replace, so historical data will stay with date/time stamps
  • 79. DNS traffic...
    •  In September of 2011, DNS traffic surpassed my family's TOTAL other bandwidth per month...
  • 80. How is this different from Shodan?
    •  Results aren't based on open ports
    •  I'm not going to monetize it, I'm doing it for my use, but since it needs to be available everywhere so I can use it, so can you ;-)
    •  And I'll give you the code to do it yourself if you want to... although...
  • 82. Why is this useful? •  Because now I have one place to get as much data as I can on a target in regards to DNS (including historical) and I never have to touch one of their servers
  • 83. and here it is... https://www.deepmagic.com/ $record_type
    •  remember the (s), I usually have mean stuff on 80
    •  "everything" search is kludgy right now, I am not a web coder
    •  Free to use, and always will be (PERIOD)
    •  That means I make no money on it
    •  Logs last for 24 hours, so I can catch issues, then they go to /dev/null
    •  And those will never be released to anyone as long as I can help it, and if that does happen I will just pull it down
  • 84. Next steps...
    •  Integration with Sho-nuff
    •  Idea? Ways to make it better?
    •  DARPA Security Fast Track?
  • 85. How'd I do Jason?
  • 86. Questions? •  Rob Fuller •  @mubix •  mubix@hak5.org
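As an added example (not code from the talk or from deepmagic.com), here is a Python sketch of the slide 78 pipeline: parse zone-file style records, route only genuinely new ones by type, keep history without overwriting, and run a defender-side pass over the same data for the HINFO and TXT disclosures shown on slides 65 and 68. The sample records, routing queue names and credential regex are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the redacted records in the slides;
# names, addresses and the TXT string are made up, not from any real zone.
SAMPLE_ZONE = """\
example.net. 3600 IN NS ns1.example.net.
www.example.net. 86400 IN A 192.0.2.10
10.2.0.192.in-addr.arpa. 86400 IN PTR www.example.net.
box1.example.net. 38400 IN HINFO "intel" "linux"
backup.example.net. 86400 IN TXT "ssh: Wint3r2012!"
example.net. 3600 IN TXT "v=spf1 include:_spf.example.net -all"
"""

# Where a newly seen record of each type is routed (slide 78); queue names are ours.
ROUTES = {"NS": ("zone_transfer", "domain_bruteforce"),
          "A": ("ptr_lookup", "type_bruteforce"),
          "PTR": ("forward_resolve",)}
DEFAULT_ROUTE = ("type_bruteforce",)
# TXT rdata that reads like a credential rather than SPF/DKIM/verification text.
CRED_RE = re.compile(r"(?i)\b(ssh|pass(word)?|pwd|login)\b\s*[:=]")

def parse_records(text):
    # Zone-file style "owner ttl class type rdata"; rdata may itself contain spaces.
    recs = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            recs.append({"owner": owner.lower(), "type": rtype.upper(), "rdata": rdata})
    return recs

def ingest(db, records, seen_at):
    # Keyed by (owner, type, rdata) and never overwritten: an old A record
    # survives beside its replacement, each with its own timestamps.
    queues = defaultdict(list)
    for r in records:
        key = (r["owner"], r["type"], r["rdata"])
        if key in db:
            db[key]["last_seen"] = seen_at
            continue
        db[key] = {"first_seen": seen_at, "last_seen": seen_at}
        for q in ROUTES.get(r["type"], DEFAULT_ROUTE):
            queues[q].append(r["owner"])
    return queues

def audit_disclosures(records):
    # Defender's pass: HINFO advertises OS/hardware, TXT sometimes carries secrets.
    return [(r["owner"], r["type"]) for r in records
            if r["type"] == "HINFO"
            or (r["type"] == "TXT" and CRED_RE.search(r["rdata"]))]
```

Feeding the same zone twice shows the history rule: the second pass routes nothing new but refreshes `last_seen` on every record.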