GitBook: [master] 2 pages modified

This commit is contained in:
CPol 2021-03-30 13:27:57 +00:00 committed by gitbook-bot
parent 81336c9141
commit be1799a87b
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 26 additions and 1 deletions

View file

@ -30,7 +30,6 @@
* **Replacement**: Like homoglyph but less stealthy. It replaces one of the letters in the domain name, perhaps with a letter in proximity of the original letter on the keyboard \(e.g, zektser.com\). * **Replacement**: Like homoglyph but less stealthy. It replaces one of the letters in the domain name, perhaps with a letter in proximity of the original letter on the keyboard \(e.g, zektser.com\).
* **Subdomained**: Introduce a **dot** inside the domain name \(e.g., ze.lster.com\). * **Subdomained**: Introduce a **dot** inside the domain name \(e.g., ze.lster.com\).
* **Insertion**: It **inserts a letter** into the domain name \(e.g., zerltser.com\). * **Insertion**: It **inserts a letter** into the domain name \(e.g., zerltser.com\).
* **Bitsquatting:** It anticipates a small portion of systems encountering hardware errors, resulting in the mutation of the resolved domain name by 1 bit. \(e.g., xeltser.com\).
* **Missing dot**: Append the TLD to the domain name. \(e.g., zelstercom.com\) * **Missing dot**: Append the TLD to the domain name. \(e.g., zelstercom.com\)
#### Automatic Tools #### Automatic Tools
@ -44,6 +43,18 @@
* [https://dnstwister.report/](https://dnstwister.report/) * [https://dnstwister.report/](https://dnstwister.report/)
* [https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/](https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/) * [https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/](https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/)
### Bitflipping
In the world of computing, everything is stored in bits \(zeros and ones\) in memory behind the scenes.
This applies to domains too. For example, _windows.com_ becomes _01110111..._ in the volatile memory of your computing device.
However, what if one of these bits got automatically flipped due to a solar flare, cosmic rays, or a hardware error? That is one of the 0's becomes a 1 and vice versa.
Applying this concept to DNS request, it's possible that the **domain requested** that arrives to the DNS server **isn't the same as the domain initially requested.**
For example a 1 bit modification in the domain microsoft.com can transform it into _windnws.com._
**Attackers may register as many bit-flipping domains as possible related to the victim in order to redirect legitimate users to their infrastructure**.
For more information read [https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/](https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/)
### Buy a trusted domain ### Buy a trusted domain
You can search in [https://www.expireddomains.net/](https://www.expireddomains.net/) for a expired domain that you could use. You can search in [https://www.expireddomains.net/](https://www.expireddomains.net/) for a expired domain that you could use.

View file

@ -18,6 +18,20 @@ For this purpose you can use any of the following tools. Note that these tolls w
* \*\*\*\*[**dnstwist**](https://github.com/elceef/dnstwist)\*\*\*\* * \*\*\*\*[**dnstwist**](https://github.com/elceef/dnstwist)\*\*\*\*
* [**urlcrazy**](https://github.com/urbanadventurer/urlcrazy)\*\*\*\* * [**urlcrazy**](https://github.com/urbanadventurer/urlcrazy)\*\*\*\*
### Bitflipping
In the world of computing, everything is stored in bits \(zeros and ones\) in memory behind the scenes.
This applies to domains too. For example, _windows.com_ becomes _01110111..._ in the volatile memory of your computing device.
However, what if one of these bits got automatically flipped due to a solar flare, cosmic rays, or a hardware error? That is one of the 0's becomes a 1 and vice versa.
Applying this concept to DNS request, it's possible that the **domain requested** that arrives to the DNS server **isn't the same as the domain initially requested.**
For example a 1 bit modification in the domain microsoft.com can transform it into _windnws.com._
**Attackers may register as many bit-flipping domains as possible related to the victim in order to redirect legitimate users to their infrastructure**.
For more information read [https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/](https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/)
**All possible bit-flipping domain names should be also monitored.**
### Basic checks ### Basic checks
Once you have a list of potential suspicions domain names you should **check** them \(mainly the ports HTTP and HTTPS\) to **see if they are using some login form similar** to someone of the victim's domain. Once you have a list of potential suspicions domain names you should **check** them \(mainly the ports HTTP and HTTPS\) to **see if they are using some login form similar** to someone of the victim's domain.