kibta.blogg.se

Defcon scale










BLUEMONDAY Series – Exploitation & Mapping of vulnerable devices at scale through self-registration services (DATTO/EGNYTE/SYNOLOGY/MERAKI/GEOVISION)

Vendors like DATTO, MERAKI, GEOVISION, SYNOLOGY, EGNYTE and others which leverage or depend on these services are imperiling data, networks, and businesses through insecure design, intentional design decisions, and web application flaws. These devices frequently self-provision services which leak critical data or through insecure network design and installation practices which are easily mapped, attacked, and discovered via insecure vendor, software, and integrator practices (ex. PKI, Dynamic DNS, “Finder” service registrations, DNS leakage, Layer 2 Attacks / DHCP network attacks, DNS passive hijacking through domain purchases & active record injection).

Some concepts and new attacks may be obliquely referenced or held private by the researcher. Essential PoC is contained in this document and is easily reproduced using supplied narrative and screenshots.

The affected devices are easily discoverable either through insecure practices (ex. insecure Zones, algorithmic FQDN generation, lack of local network controls, public metadata leakage) or vendor provided interfaces and access methods (DATTOWEB, DATTOLOCAL, SYNOLOGY.ME, DYNAMIC-M, GVDIP.COM, EGNYTE-APPLIANCE.COM). Many issues develop due to these problems. For example, nearly all of these devices and appliances provide easily discoverable portals / content / metadata with which to craft extremely convincing social engineering campaigns, even in the absence of technical exploit vectors. Host Header Attacks & 302 redirects used in concert with malicious DNS records / spoofed or squatted domains can be abused in this manner.











