DNS Weekly Recap 21/4/24
Jumping right into this one as there are a few things to go over, starting with:
The Palo Alto 'hack'
I picked up on this one because Andy states 'We discovered a plethora of exposed and insecure internet assets'.
So were you asked to investigate this and begin live testing on a corporate environment without the express permission of the client/target? Yes?
*crickets*
It's a wonder why they wouldn't get back to you...
From the comments section: look, it's NOT SECURE domains and subdomains...
You mean the not secure subdomains because you.... made them up:
Proof that you fudged your evidence once more.
United Health being popped:
Those insecure and exposed positions are really going to stop someone clicking on a dodgy link or being targeted by a ransomware gang tho, rite?
Thank god Reuters did their reporting and made sure to mention it was a ransomware attack from BlackCat/ALPHV.
Again though, why would they feel the need to get back to you?
The Dali Incident:
A quick update to say it's now got an open FBI criminal investigation ongoing, not in itself a surprise but:
Not everything has to be 'Cyber' this and 'Cyber' that. Ever hear of industrial sabotage? Criminal activity? It doesn't have to be 'cyber', y'all are speculating until something actually comes out from it.
Microsoft Stuff:
More comment than anything else: he likes to add in history and mix it up with misinformation, doesn't he?
Again this feeds into the 'you do know what a firewall is, right?' point. Also, microsoft-com.mail.protection.outlook.com happens to bring up this error... shocking, I know.
Just think what kinds of errors you would see if companies used other non-standard ports...
Oh, and let's not forget the recent screenshots showing a little more Microsoft stuff actually show they are using Akamai for (likely) DDoS protection.... so the screenshots are 'correct', but only if you read them to understand the errors, which is not something Andy has done, like ever.
Cisco:
Not content with randomly shooting the cannons at Palo Alto WITHOUT THEIR PERMISSION, Andy expands this shoot-first-and-never-ask-questions approach to Cisco.
It's easy 'identifying a hoard exposed and insecure internet assets' when you just make up search queries and pop them into DNSViz, any monkey can do it.
DNS(!!!):
Andy expanding on the CISA Directive for DNS and warning about further abuse from tampering.... I feel that tunneling is getting more fun than actually altering DNS entries on a server; after all, you need access for that first, just like M19-01 states.... Yeah, he keeps ignoring that part.
Also, on the education standpoint: it is taught, Andy just doesn't bother to keep up with the times.
If he wanted privacy I would just say 'use tor' but then Andy would make up a million more screenshots for something like;
'sobhaisudgbisdhvbcashvuhvahvdoyv-onion.mail.protection.microsoft.com'
Laugh now, but you know he would try it.
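Tunneling leaves a footprint in the resolver's query log that record tampering does not, so a defender's first look is at what clients are asking for, not at the zone file. The following is an added example (not from the original post) that scores constructed log lines for the kind of long, high-entropy label the joke name above illustrates. The log format, thresholds and sample lines are assumptions made for this example.

```python
import math
import re
from collections import Counter

# Constructed sample lines in a simplified BIND-style query-log format; not real traffic.
SAMPLE_LOG = """\
12:00:01 client 10.0.0.5#51234: query: www.example.com IN A
12:00:02 client 10.0.0.5#51235: query: mail.protection.outlook.com IN MX
12:00:03 client 10.0.0.7#40000: query: sobhaisudgbisdhvbcashvuhvahvdoyv-onion.example.net IN TXT
12:00:04 client 10.0.0.7#40001: query: 7a4f2c9e1b3d8f6a0c5e2b9d4f7a1c3e.9b2d4f6a8c1e3b5d.example.net IN TXT
12:00:05 client 10.0.0.9#40002: query: cdn-1.static.example.org IN A
"""

QUERY_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")

# Thresholds are assumptions for this example; tune them against your own baseline.
MIN_LABEL_LEN = 30      # labels this long are rare in hostnames a human typed
MIN_ENTROPY = 3.5       # bits/char; words sit well below this, encoded data above
MIN_QNAME_LEN = 60      # names carrying data out are longer than typical lookups
BULKY_QTYPES = ("TXT", "NULL", "CNAME")  # record types that can carry a reply payload

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def query_features(qname: str) -> dict:
    """Length and entropy features of one query name; the longest label carries any payload."""
    labels = qname.rstrip(".").split(".")
    longest = max(labels, key=len)
    return {"qname_len": len(qname), "longest_label": len(longest),
            "entropy": shannon_entropy(longest)}

def is_suspicious(qname: str, qtype: str) -> bool:
    """True when a name looks like encoded data rather than a hostname someone typed."""
    f = query_features(qname)
    long_and_random = f["longest_label"] >= MIN_LABEL_LEN and f["entropy"] >= MIN_ENTROPY
    bulky_payload = f["qname_len"] >= MIN_QNAME_LEN and qtype in BULKY_QTYPES
    return long_and_random or bulky_payload

def triage(log_text: str) -> list:
    """Return (source, qname) pairs for log lines worth a human look."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_suspicious(m["qname"], m["qtype"]):
            hits.append((m["src"], m["qname"]))
    return hits
```

Running `triage(SAMPLE_LOG)` flags only the two queries from 10.0.0.7; the three ordinary hostnames pass, which is the point: this check needs no access to anyone's DNS server, just your own resolver logs.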
A Physical Bridge and DNS?!?:
Take a real-life thing, a bridge... add DNS to it... poop on Microsoft and some other companies that I've (Andy) mentioned in the last week... boom, post on LinkedIn.
That feels like what this post was.
I mean, the Tinsley Viaduct is also an engineering wonder and I believe it is the last still-standing bridge of the guy who designed it... being on the M1 tho, it means it needed "all the structure work" to keep it upright.
Raysharp:
Oh Noes!
Red redactions, a new company that has been mentioned in the news, let's say it's insecure and exposed positions and DNS... again(!)
I'm starting to think Andy not only has an outdated browser problem... maybe something else too....
Anyway, I did my due diligence and checked it; works fine, plenty of time left in them records:
It's odd that he always has problems loading things, perhaps less red lines and more 'can anyone browse to this page?'.
Now we are getting to the interesting recent ones.
How to Hack Web Applications:
Bit weird for the number 1 self-named global expert in asset management and DNS to suddenly talk about something different; maybe another post a little further down will help with the irony/misdirection on this one.
Also, this article is on dev.to and is from 2020. Times have changed, dude, there are way more fun ways to pop web apps; I know because I get to practice them in my own lab.
Do you lab or do you just fire at live targets and hope nothing breaks?
JK we know the answer already, unfortunately.
Oh that explains it...
Plausible Deniability:
Is this why DNS always did it?
Very odd for this to be posted when generally Andy's posts circle around DNS and whatever hot button topic is in the news, could he be predicting my inevitable post and making it easier to link the two?
Perhaps...
I know word gets back to him about these posts, for example it's funny how he only mentioned Paul after I posted about him publicly.
I mean, I already covered in my normal LinkedIn updates that Andy can now 'tools down' about SolarWinds after he himself wrote that it was a supply chain attack... lo and behold, a new post comes up saying it's because of 'not secure and insecure systems'...
That's somewhat textbook narcissistic 'plausible deniability', if I am not mistaken.
But I am not here to provide free psychoanalysis of 'Mr DNS'.
I am here to point out the flaws in his postings and logic so hopefully this more scientific route will help people understand.
Why #DNS on this one?:
Command and Control (C2) doesn't quite mean what Andy thinks it means.
It is better expressed as the command and control of a botnet, or a remote plant/malware calling back to its 'master' for instructions.
Personally I preferred the film 'Stealth' though the critics would argue otherwise on that one.
Also, he's mentioned 'supply chain' here, so we can probably count how many days it will be till 'it's DNS', but why mention it for this post? Why #DNS and #PKI, as well as tagging the pages for the FBI and others, when you could #AI instead and pose the question to people who have done more research into AI to see what their opinion is?
Nope.
Just the same persons commenting and sharing.
So yeah, week 2.
I'm trying to be more 'facts and figures' than 'character on the internet', I mean yeah I have my opinion on things even from the above screenshots BUT I want to be more figures focussed to help separate myself from that.
One of these days I'll break into infosec proper with a 'sec' role and I want to hit the ground running on that, be it: DevSecOps, DevOps, Engineering, Development, Pentesting, Red Teaming, Blue Teaming, DFIR, OSINT, SOC Analyst work... I've been poking and playing in the background all while holding down a completely different job IRL AND excelling at that too.
Might turn back on the ol 'Open to work' and see what happens.
If you know anyone that is looking for someone that is basically a 'Swiss Army Knife at Infosec' (meaning I can do a lot of things to a certain degree).. Feel free to reach out or pass my name on.
Stay Dangerous friends
Providing Expert Security Services & Consultancy | Founder of Security Ninja Ltd
7 months: The level of stupidity is almost award-winning now.