Questions tagged [domain]
The domain tag has no usage guidance.
118
questions
1
vote
1
answer
120
views
Can NTLM pass-through authentication be done without NetLogon?
In any "recent" documentation regarding NTLM (Microsoft) I see it stated that the mechanism of pass-through authentication is done over a NetLogon channel, which should be secure. This ...
0
votes
0
answers
64
views
domain (active directory) machines accessible via web
I recently stumbled across customer machines (windows server) that were part of the customers active directory domain and also had IIS applications accessible for the www.
I only have the vague ...
0
votes
1
answer
204
views
What is the best way to validate third-party domains calling an API?
Our business is in the payment processing space and one of our core products is a Payment Gateway API. In terms of security we issue an API Key, Signature and RSA Encryption for sensitive information ...
2
votes
1
answer
168
views
Would a bricks-and-mortar large firm benefit from anonymous domain registration?
Recently, doing "whois" on random large Fortune 500 style bricks-and-mortar companies, I've seen a few use private/"anonymous" registrations.
Normally you see stuff like
Registrant ...
34
votes
4
answers
9k
views
Domain about to expire. Afraid that new owners will spread malware
I have a domain that is about to expire. It was used for hosting my freeware which I do not maintain anymore but can still be found on shareware directories. The application points to my domain (...
1
vote
2
answers
230
views
Country code top-level domain (ccTLD) hijacking?
Imagine a country ruled by a non-democratic government with an explicit disregard to local and international laws. The national registry for local domains (Country code top-level domains) falls under ...
1
vote
2
answers
251
views
Are there any security reasons against "drop-www" (using example.com instead of www.example.com)?
Are there any security reasons against "drop-www"?
In other words, are there any security reasons against using an apex [1] domain name such as example.com instead of a subdomain such as www....
2
votes
1
answer
348
views
Amazon Cloudfront trackers, do they mean anything in an investigation?
One way I use to find domains owned by the same people is through tracking codes (Google Analytics and such). Recently I've come across a domain with this tracker code:
d1lxhc4jvstzrp
When I lookup ...
0
votes
2
answers
210
views
DomainFronting - re-routing and SSL certificats
I'm looking for a specific answer regarding the TLS handshake in a scenario of domain-fronting.
Following hensonsecurity and zscaler blogs I have noticed that a detailed description regarding the re-...
0
votes
1
answer
2k
views
Does alias in a truststore matter?
I was trying to add a new certificate to our truststore. But I got the alias already exists error.
I can't remove the old certificate yet, but I have to add the new certificate.
Will it matter if I ...
0
votes
1
answer
136
views
How to get my exploit script served on arbitrary subdomain?
Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the ...
0
votes
1
answer
149
views
Can I escalate a main domain SSTI/RCE to all the subdomains belonging to that domain?
I'm a newbie ethical hacker and bug bounty hunter. Lets, assume my target is somethingtohack.com, the thing is the company's scope defines that the main domain is out of scope, but subdomains like ...
1
vote
0
answers
399
views
Looking for origin/ verification of malicious domain names [closed]
My network sniffer for websites has discovered a number of hosting domains in the report which I can not correctly assign to categories. I don't know if there are providers behind these domains that ...
0
votes
0
answers
418
views
What are security risks of a domain user accounts with denied interactive logon?
When I create domain user account with denied interactive logon, what are real security risks when hacker gets the password?
http://paulasitblog.blogspot.com/2017/01/deny-interactive-logon-for-service....
1
vote
3
answers
1k
views
Should I have another domain name for my company internal tools
My company has a domain name that we use to serve our customers, say company.com for the main website, app.company.com for the web application and api.company.com. These are all public domains that ...