Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall
2024-09-27, Main Track

Doing DNS reconnaissance at a large scale sometimes reveals quirks of the internet that were never expected.

What initially looked like an annoyance and an isolated issue turned out to be systematic: we discovered that any domain with name servers hosted in China would return poisoned DNS responses when the subdomain contained specific words or characters.

We detail several practical client-side attacks that can result from this DNS poisoning. These attacks impact every domain on the Internet that uses a nameserver located in China. It's estimated that more than 30 million domains are vulnerable to this.

Digging into the patterns that lead to the poisoning, we discuss some theories about this behaviour and why companies with a web presence in China find this issue challenging to remediate.

Bio for Shubham Shah:

Shubham Shah is the co-founder and CTO of Assetnote, a leading attack surface management platform. On HackerOne, he's been ranked the #1 bug bounty hunter in Australia for three consecutive years and #27 in the world. Shubham specializes in discovering complex vulnerabilities in enterprise software and engineering security automation.

Bio for Michael Gianarakis:

Michael Gianarakis is the co-founder and CEO of Assetnote. Michael has over 16 years of experience in the offensive security industry, building and managing offensive security teams across the Asia-Pacific region and pioneering the Attack Surface Management category. He has presented security research around the world, including at DEF CON, Black Hat Asia, BSides, Las Vegas, Hack in the Box, AusCert, Thotcon, 44Con, and OWASP. Michael is also one of the organisers of Australia's most professional and well-organised security conference, Tuskcon.