Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials

Intruder.io, a London, England-based cybersecurity firm, conducted a self-hack using a DNS rebinding attack, enabling them to extract low-privileged AWS credentials.
Cybersecurity firm Intruder has published blog posts explaining how they got hacked by successfully exploiting a DNS rebinding vulnerability that allowed them to extract low-privileged AWS credentials.
They discovered a DNS rebinding vulnerability in their platform after hacking themselves.
DNS rebinding exploitation is a persistent threat.
In 2018, Hackread.com reported cybersecurity firm Armis' research, which revealed that over half a billion IoT devices were found vulnerable to DNS rebinding, most used by enterprises.
Intruder's penetration tester Daniel Thatcher noted that while the vulnerability's impact was limited due to the prevailing security measures, the exploit indicates the feasibility of DNS rebinding attacks in time-constrained scenarios like penetration testing.
Further probing helped him achieve reliable split-second DNS rebinding in Chrome, Edge, and Safari browsers, which was surprising, specifically when IPv6 was available.
The vulnerability was discovered in Intruder's screenshot workers, which capture snapshots of customer websites.
Since these follow HTTP redirects before taking screenshots and lack restrictions on accessing the internal EC2 metadata service, it became possible to expose AWS credentials for available roles.
Leveraging this vulnerability, a public web server was set up to redirect to the EC2 metadata service endpoint.
That's when it occurred to him that DNS rebinding could potentially enable them to bypass restrictions on major browsers and private network requests.
In browsers, traditional DNS rebinding allows attackers to access internal network services by tricking victims into loading a malicious website.
The attack relies on the browser first communicating with the public server and loading the attacker's page.
The attacker's server then blocks traffic, forcing the browser to fall back to the target server, allowing JavaScript on the attacker's page to send requests to the target server with the same origin.
The extracted credentials had minimal permissions and limited potential damage, but service disruption was possible.
They could prevent further digging into AWS and possible harm by limiting access to other HTTP services.
The screenshot worker vulnerability was patched with IMDSv2 implementation.
Conducting ethical hacking or penetration testing, wherein you intentionally hack into your own network to identify security vulnerabilities, is a proactive and strategic approach to bolstering cybersecurity defences.
By simulating real-world attack scenarios, organizations can gain valuable insights into potential weaknesses that could be exploited by malicious actors.
Simply put, hacking oneself provides an opportunity to address vulnerabilities beforehand, ensuring a more secure network environment before adversaries have a chance to exploit identified vulnerabilities.


This Cyber News was published on www.hackread.com. Publication date: Thu, 07 Dec 2023 14:14:10 +0000


Cyber News related to Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials

How to Prevent DNS Attacks: DNS Security Best Practices - To protect against attack, best practices must be applied to protect the DNS protocol, the server on which the DNS protocol runs, and all access to the DNS processes. Implementing these best practices will not only protect DNS but also network ...
11 months ago Esecurityplanet.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
GCP to AWS migration: A Comprehensive Guide - Embarking on a GCP to AWS migration journey can be both exciting and challenging. Before we dive into the technical details, let's explore why businesses might consider migrating from GCP to AWS. While GCP offers a range of services, AWS boasts an ...
10 months ago Feeds.dzone.com
Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials - Intruder.io, a London, England-based cybersecurity firm, conducted a self-hack using a DNS rebinding attack, enabling them to extract low-privileged AWS credentials. Cybersecurity firm Intruder has published blog posts explaining how they got hacked ...
11 months ago Hackread.com
CrowdStrike Demonstrates Cloud Security Leadership at AWS re:Invent - CrowdStrike is honored to be named Partner of the Year for several 2023 Geo and Global AWS Partner Awards at Amazon Web Services re:Invent 2023, where we are participating this year as a Diamond Sponsor. These accomplishments demonstrate our ...
11 months ago Crowdstrike.com
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
1 month ago Aws.amazon.com
Shaping the Future of Finance: The Cisco and AWS Collaboration in EMEA - The collaboration between Cisco and Amazon Web Services in the Europe, Middle East, and Africa region-combining each company's market leading strengths-continues to deliver impressive outcomes for our customers, notably within the Financial Services ...
11 months ago Feedpress.me
AWS CloudQuarry: Digging for Secrets in Public AMIs - Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. As a best practice, AMI creators should not include credentials, including AWS account credentials, in published AMIs. We wanted to scan all ...
6 months ago Packetstormsecurity.com
What happens when you accidentally leak your AWS API keys? - My situation had no ill consequences, but it could have if I had used my actual email for the script or if my project was bigger and I had used AWS or another cloud provider and hardcoded those credentials. In a later class I did learn how to safely ...
8 months ago Isc.sans.edu
DNS Tunneling Abuse Expands to Tracking & Scanning Victims - Attackers are taking malicious manipulation of DNS traffic to the next level, abusing DNS tunneling to scan a victim's network infrastructure as well as track victims' online behavior. Researchers from Palo Alto Networks' Unit 42 have identified ...
6 months ago Darkreading.com
CVE-2024-37293 - The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or ...
5 months ago Tenable.com
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
6 months ago Feeds.fortinet.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
10 months ago Securityzap.com
7 Rules to Improve AWS Security and Reduce Unwanted Incidents - Security of your AWS infrastructure is ultimately up to you. As the largest cloud services provider, AWS invests heavily to ensure its cloud environment is secure. Much of AWS security is still left to the customer, especially with regard to managing ...
1 year ago Beyondtrust.com
A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security - “Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from ...
1 month ago Krebsonsecurity.com
Rundown of Security News from AWS re:Invent 2023 - Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match - or surpass - ...
11 months ago Darkreading.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
4 months ago Techtarget.com
Understanding DNS Zones: A Comprehensive Guide - DNS stands for Domain Name System, and it is one of the most important components of the Internet. It is a network of servers that coordinates the registration, updating and resolution of domain names, so that users can easily access websites and ...
1 year ago Heimdalsecurity.com
SentinelLabs Details Discovery of FBot Tool for Compromising Cloud Services - SentinelLabs today published a report identifying a Python-based tool that cybercriminals are using to compromise cloud computing and software-as-a-service platforms. Alex Delamotte, senior threat researcher at SentinelLabs, said FBot is used to take ...
10 months ago Securityboulevard.com
Growing threats outpace cybersecurity workforce - The cybersecurity skills shortage threatens the well-being and even survival of numerous businesses as cybersecurity threats grow more numerous, sophisticated, and dangerous to the point that cybersecurity groups have vowed not to pay ransom demands. ...
9 months ago Legal.thomsonreuters.com
Cybersecurity M&A Roundup: 34 Deals Announced in November 2023 - Thirty-four cybersecurity-related merger and acquisition deals were announced in November 2023. Network security firm AMYNA Systems has acquired EPL Advisors, which specializes in strategy consulting, investor relations, fund raising, and early ...
11 months ago Securityweek.com
Cybersecurity Curriculum Development Tips for Schools - With the constant threat of cyber attacks, schools must prioritize the development of a robust cybersecurity curriculum to equip students with the necessary skills and knowledge. This article provides valuable insights and tips for schools aiming to ...
10 months ago Securityzap.com
The Importance of Cybersecurity Education in Schools - Cybersecurity education equips students with the knowledge and skills needed to protect themselves and others from cyber threats. Cybersecurity education can teach students about the impact of cyberbullying, how to prevent it, and how to respond ...
11 months ago Securityzap.com
Cyber Employment 2024: Sky-High Expectations Fail Businesses & Job Seekers - Well-publicized estimates of a massive shortfall in cybersecurity workers have resulted in high expectations among job seekers in the field, but the reality often falls flat, because of a mismatch between companies' requirements and job seekers' ...
10 months ago Darkreading.com
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
11 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)