Test A-R53-8 specifically looks for domains that are due to expire within the next 90 days and do not have any form of auto-renewal. We reference the risk of expired domains being squatted, whereby a third party captures the domain and uses it for ransom, SEO capture or other nefarious schemes. However, there is an additional level of risk in the data that the domain has implicit ownership over, which has been proven by other researchers in the field.
Inti De Ceukelaire purchased over 100 domains that were tied to companies, institutions and municipalities that were no longer active. For example, the Belgian municipality of Overpelt was merged with Neerpelt to become Pelt, leaving overpelt.be available for purchase. Many domains like this were researched and purchased by Inti.
Shortly after purchasing the domains, Inti researched known email addresses for each domain and configured them with his email provider. Over a period of two days, Inti received active emails sent to those addresses and requested password resets on major platforms for the researched email accounts. This included:
Upon proving the concept of his research Inti ceased further activity.
Inti’s research was responsible and completed early after proving the impact of squatted domains. An attacker can expand upon this compromise to do the following:
.edu domains to acquire and sell on education discounts. A more serious matter would include impersonation of exposed persons by mimicking their identity using email accounts administered on the squatted domain.

Inti’s example is a great introduction to what’s possible with an expired domain, as well as a stark example of how many expired domains are available and how easy it is to acquire them. A knowledgeable attacker would be able to automate the process of data extraction to create a factory of data retrieval, capturing old email addresses and providing a full set of recovered accounts. A motivated and targeted attacker would be capable of utilising squatted domains to socially engineer interactions leading to further compromise.
Decommissioning of a domain is a variable endeavour that scales substantially the more the domain was in use. Domains that accept and utilise email are particularly vulnerable and should be considered for full review ahead of any decommissioning.
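The check that test A-R53-8 describes can be reproduced against your own account. The following is an added example, not the test's own implementation: it assumes the `DomainName`, `AutoRenew` and `Expiry` fields returned by the Route 53 Domains `ListDomains` API, also reports domains that have already lapsed (negative days), and uses constructed sample domains so it runs offline.

```python
from datetime import datetime, timedelta, timezone

WINDOW_DAYS = 90  # look-ahead window from the test description


def list_registered_domains():
    """Fetch domain summaries from Route 53 Domains (needs boto3 and credentials)."""
    import boto3  # imported lazily so the check below also runs offline

    # The Route 53 Domains API is only served from us-east-1.
    client = boto3.client("route53domains", region_name="us-east-1")
    domains = []
    for page in client.get_paginator("list_domains").paginate():
        domains.extend(page["Domains"])
    return domains


def expiring_without_autorenew(domains, now=None, window_days=WINDOW_DAYS):
    """Return (name, days_left) for auto-renew-off domains expiring inside the window."""
    now = now or datetime.now(timezone.utc)
    cutoff = now + timedelta(days=window_days)
    findings = []
    for d in domains:
        expiry = d.get("Expiry")
        # Skip domains that renew automatically or carry no expiry date.
        if expiry is None or d.get("AutoRenew", False):
            continue
        if expiry.tzinfo is None:  # treat naive timestamps as UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= cutoff:  # includes domains that have already lapsed
            findings.append((d["DomainName"], (expiry - now).days))
    return sorted(findings, key=lambda f: f[1])  # most urgent first


# Constructed sample data shaped like ListDomains output (not real domains).
SAMPLE_NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_DOMAINS = [
    {"DomainName": "example-old.test", "AutoRenew": False,
     "Expiry": datetime(2024, 2, 15, tzinfo=timezone.utc)},
    {"DomainName": "example-safe.test", "AutoRenew": True,
     "Expiry": datetime(2024, 1, 20, tzinfo=timezone.utc)},
    {"DomainName": "example-later.test", "AutoRenew": False,
     "Expiry": datetime(2024, 6, 1, tzinfo=timezone.utc)},
    {"DomainName": "example-lapsed.test", "AutoRenew": False,
     "Expiry": datetime(2023, 12, 25)},
]

if __name__ == "__main__":
    for name, days in expiring_without_autorenew(SAMPLE_DOMAINS, now=SAMPLE_NOW):
        print(f"{name}: {days} days until expiry, auto-renew disabled")
```

To run it against a live account, pass the result of `list_registered_domains()` instead of `SAMPLE_DOMAINS`.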
Expiring Domains without Autorenew lead to service downtime and signal operational risk. Expired domains can also be captured by malicious parties.