
Backdooring Your Backdoors – Another $20 Domain, More Governments


After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/

But, we have enjoyed continuing to exploit what truly appears to be a hugely underrated vulnerability class - abandoned and expired infrastructure - to basically give ourselves ‘theoretical’ free access to thousands of systems for the cost of a few (yet again) $20 domain names.

are watching the logs keenly, and notice this request - ultimately, having the effect of notifying us that the web shell has been deployed and accessed correctly, and leaking the URL to the panel on the compromised domain in the referrer. While it’s noteworthy that the shells we observed were predominantly skewed toward Chinese targets (likely a reflection of our sample data set), we are also reluctant to draw conclusions based on source IP addresses (given the ease of proxying).
