Security Operations

563 readers

6 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 1 year ago

MODERATORS

[email protected]

We Hacked Ourselves With DNS Rebinding (www.intruder.io)

submitted 11 months ago by [email protected] to c/[email protected]

0 comments fedilink hide all child comments

We Hacked Ourselves With DNS Rebinding::This post is the first in a two-part series on DNS rebinding in web browsers. In this post, I will talk about a bug we found in our own product which allowed us to retrieve low-privileged AWS credentials using DNS rebinding. In the next post, I will share new techniques to reliably achieve split-second DNS rebinding in Chrome, Edge, and Safari, as well as bypass Chrome's restrictions on requests to private networks.‍

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here