Internal domain names: What are you hiding and what are you leaking?

Abstract

In our talk, we evaluate the impact of registering domain suffixes that are defined in various network and router configurations, yet still available for public registration. We also explore the feasibility of performing man-in-the-middle attacks against users, and present our findings on the observed widespread behaviour of default domain suffixes (hundreds of suffix-domains observed and possibly more), as well as redacted captured traffic containing sensitive data from different companies. Data seen include user credentials, NTLM hashes, internal file paths, and assorted HTTP requests. Thousands of affected entities range from educational institutions, to public infrastructure, to private firms, and hardware manufacturers. Several Fortune 100 companies have also accepted our reports and have mitigated the risks. We will share threat hunting plans for companies to detect information leakage arising from this, along with remediation plans to prevent internal traffic from being leaked.
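The hunting angle above, as an added example that is not part of the talk or its materials: a check over DNS query logs that flags names resolved under a client search suffix the organisation does not actually host, which is the traffic a registrant of that suffix would receive. The log format, suffixes, zones and sample lines are all constructed assumptions.

```python
# Added example (not from the talk): a small threat-hunting check over DNS
# query logs. It flags queries whose name ends in a DNS search suffix that is
# configured on clients but is NOT a zone the organisation controls, i.e.
# names the resolver will forward to public DNS, where whoever registered
# the suffix can answer them.
import re

# Assumed log format (constructed): "<timestamp> <client_ip> <qname> <qtype>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def _under(qname, zone):
    """True if qname equals zone or is a subdomain of it (case/dot insensitive)."""
    q = qname.rstrip(".").lower()
    z = zone.strip(".").lower()
    return q == z or q.endswith("." + z)

def find_leaked_queries(log_lines, search_suffixes, controlled_zones):
    """Return (client_ip, qname, suffix) for queries under a configured search
    suffix that no internal zone answers, so they leave for public DNS."""
    leaks = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the hunt
        _ts, client, qname, _qtype = m.groups()
        if any(_under(qname, z) for z in controlled_zones):
            continue  # resolved authoritatively inside the organisation
        for suffix in search_suffixes:
            if _under(qname, suffix):
                leaks.append((client, qname.rstrip(".").lower(), suffix.lower()))
                break
    return leaks

# Constructed sample data: "corp.example" is pushed to clients as a search
# suffix, but the organisation only hosts zones under "example.org".
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 fileserver01.corp.example. A",
    "2024-01-01T10:00:01Z 10.0.0.5 fileserver01.internal.example.org. A",
    "2024-01-01T10:00:02Z 10.0.0.7 printer01.corp.example. A",
    "2024-01-01T10:00:03Z 10.0.0.9 www.vendor.example. A",
    "not a log line",
]
SEARCH_SUFFIXES = ["internal.example.org", "corp.example"]
CONTROLLED_ZONES = ["example.org"]

if __name__ == "__main__":
    for client, qname, suffix in find_leaked_queries(SAMPLE_LOG, SEARCH_SUFFIXES, CONTROLLED_ZONES):
        print(f"{client} leaked {qname} via search suffix {suffix}")
```

Every hit is a host that appended a suffix the organisation does not own to an unqualified name; the fix is to remove that suffix from the client search list or to register and host the zone yourself.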


Speaker Information


Chen Zheng Wei

Originally majoring in the Social Sciences, Zheng Wei decided after graduation to go down the more unconventional path and pursue a career in cybersecurity instead. He now works as a Threat Hunting engineer.


George Chen

George is a Threat Hunting engineer specializing in active defense. He has filed over 30 security patents and presented various security projects at Black Hat, SANS, Singapore FinTech Festival, and universities.
