Skip to main content

· 2 min read
Daniel Gorbe

An organization's attack surface comprises all digital, physical, and external IT assets, shared networks, and even social media entry points vulnerable to cyberattacks. It's a dynamic entity, constantly evolving with new technologies and operational changes. Recognizing the vastness of this surface is crucial for effective management​.

What is Attack Surface Management (ASM)?

ASM is a proactive approach involving continuous monitoring and analysis of an organization's attack surface to identify potential vulnerabilities and attack vectors. It adopts the perspective of an attacker, using similar techniques and tools, often involving ethical hackers. ASM includes traditional penetration testing, vulnerability scans, ongoing IT infrastructure monitoring, and threat modeling​.

The 4-Step ASM Lifecycle

1. Asset Discovery

This foundational step involves identifying all IT assets, including unknown or unapproved devices and software. Modern ASM solutions automate this process to maintain an up-to-date asset list​.

2. Vulnerability Analysis

After identifying assets, organizations analyze them for potential vulnerabilities. This includes assessing open network ports, misconfigurations, missing software patches, exposed passwords, and coding errors​.

3. Risk Prioritization

Not all vulnerabilities are equal in terms of business impact or ease of exploitation. ASM involves prioritizing remediation efforts based on various factors, including the ease of remediation, potential for exploitation, and previous incidents​.

4. Remediation

The final step involves implementing measures to address prioritized risks, often facilitated by ASM solutions that provide essential information to security teams for timely action​.

Challenges and Opportunities

The expansion of remote working and increasing adoption of cloud services have significantly broadened attack surfaces, introducing new vulnerabilities and sophisticated attack methods. Traditional cyber risk management approaches are often inadequate for these evolving challenges. ASM's proactive nature helps organizations to identify and mitigate new cyber threats, enhancing detection and response capabilities. This level of security is crucial for building trust and maintaining a strong security posture in today's digital landscape​.

Advanced Attack Surface Management is more than a set of tools; it's a mindset shift towards understanding and anticipating the attacker's perspective. By employing a comprehensive, dynamic approach to identify, analyze, prioritize, and remediate vulnerabilities, organizations can significantly enhance their defense against an ever-evolving array of cyber threats. While specific real-world examples are complex to generalize, the principles of ASM remain universally applicable across diverse organizational landscapes.

· 3 min read
Daniel Gorbe

The Domain Name System (DNS) is often described as the phonebook of the internet, translating human-readable domain names into IP addresses that computers understand. However, its pivotal role in internet connectivity also makes it a prime target for cyber attacks. This blog post will delve into the vulnerabilities inherent in the DNS system and the common misconfigurations that exacerbate these risks.

Understanding DNS Vulnerabilities

  1. DNS Spoofing (Cache Poisoning): This attack involves corrupting the DNS cache with false information, directing users to malicious sites without their knowledge. It can lead to phishing attacks and malware distribution.

  2. DNS Amplification Attacks: A form of Distributed Denial of Service (DDoS), where attackers exploit open DNS servers to flood a target with large volumes of traffic, overwhelming and incapacitating it.

  3. DNS Tunneling: Malicious actors can use DNS queries and responses to smuggle data out of a network, bypassing most firewalls and leaving data security compromised.

  4. NXDOMAIN Attacks: Flooding a DNS server with requests for records that don't exist, leading to server overloads and potential crashes.

Common DNS Misconfigurations

  1. Open Resolvers: DNS servers configured to accept queries from any IP address can be exploited for DNS amplification attacks. Limiting responses to known and trusted IP addresses can mitigate this risk.

  2. Insufficient Rate Limiting: Failing to implement rate limiting for DNS queries can leave a server vulnerable to DDoS attacks. Setting reasonable query limits helps in reducing this vulnerability.

  3. Lack of DNSSEC: DNSSEC (DNS Security Extensions) adds a layer of security by enabling DNS responses to be digitally signed. Without DNSSEC, data integrity cannot be assured, leaving the system open to spoofing attacks.

  4. Inadequate Logging and Monitoring: Not maintaining logs or monitoring DNS traffic can prevent the timely detection of unusual patterns that might indicate an attack.

Best Practices for Securing DNS

  1. Implement DNSSEC: This ensures that DNS responses are authentic and have not been tampered with.

  2. Configure DNS Rate Limiting: This helps in mitigating DDoS attacks by limiting the number of requests a server will respond to from a single IP address in a given time frame.

  3. Disable Recursion or Configure Split DNS: If your server doesn't need to provide recursive queries for the public, disable this feature. Alternatively, use Split DNS to separate internal and external queries.

  4. Regularly Update DNS Software: Keep your DNS software updated to ensure that known vulnerabilities are patched.

  5. Use Access Control Lists (ACLs): Configure ACLs to restrict who can query your DNS servers.

  6. Monitor DNS Logs: Regular monitoring can help in early detection of suspicious activities.

Conclusion

While DNS is a critical component of the internet infrastructure, it's not without its vulnerabilities. Understanding these risks and the common misconfigurations that exacerbate them is crucial for network administrators and cybersecurity professionals. By implementing best practices and regularly monitoring DNS activities, you can significantly mitigate the risks and ensure a more secure internet environment.

Further Steps

For those responsible for DNS management, it's recommended to conduct regular audits of your DNS configurations, stay informed about the latest DNS vulnerabilities and threats, and participate in cybersecurity forums to share insights and learn from peers. Remember, in the realm of cybersecurity, staying proactive is key to safeguarding your digital assets.

· 3 min read
Daniel Gorbe

In an era where cloud services dominate, the allure of self-hosting remains strong for those seeking control and customization. Self-hosting refers to the practice of setting up and managing your own servers for running websites, applications, or services, instead of relying on external providers. This post delves into the essentials of self-hosting, its advantages, challenges, and how you can get started.

Why Choose Self-Hosting?

  1. Control and Privacy: Self-hosting gives you complete control over your data. In an age where data privacy concerns are paramount, self-hosting ensures that your sensitive information remains in your hands.

  2. Customization: It allows for extensive customization. You can tweak your setup to perfectly suit your specific needs, something not always possible with commercial hosting services.

  3. Skill Development: Managing your own server can be a valuable learning experience. It enhances your understanding of networking, server management, and cybersecurity.

  4. Cost-Effectiveness: For long-term projects, self-hosting can be more cost-effective. You avoid recurring subscription fees, paying only for your hardware and electricity.

Challenges of Self-Hosting

  1. Technical Knowledge: It requires a certain level of technical expertise. Setting up and maintaining a server can be complex, especially when dealing with security and troubleshooting issues.

  2. Time Investment: Self-hosting demands time. Regular updates, backups, and monitoring are essential to keep your server running smoothly.

  3. Hardware and Reliability: You are responsible for your hardware. This means ensuring its reliability, upgrading it, and managing failures.

  4. Security Risks: Without the robust security measures of professional hosting services, self-hosted servers can be more vulnerable to attacks if not properly managed.

Getting Started with Self-Hosting

  1. Choosing the Right Hardware: Depending on your needs, this could range from a Raspberry Pi for lightweight applications to more robust servers for heavier tasks.

  2. Selecting an Operating System: Linux distributions like Ubuntu or CentOS are popular choices due to their stability and community support.

  3. Learning Basic Server Management: Familiarize yourself with basic commands, software installation, network configuration, and security practices.

  4. Setting Up Your Server: Install the necessary software, such as a web server (Apache or Nginx), database server (MySQL, PostgreSQL), and any other required tools.

  5. Ensuring Security: Implement firewall rules, secure SSH access, and regular updates. Consider using intrusion detection systems like Fail2Ban.

  6. Regular Maintenance: Schedule regular backups, monitor server health, and keep your software updated to ensure smooth operations.

Conclusion

Self-hosting can be a rewarding journey, offering control, customization, and privacy. However, it's not without its challenges. It demands technical know-how, time, and a proactive approach to security and maintenance. If you're willing to take on these challenges, self-hosting can be an empowering step towards digital independence.

Next Steps

For those interested in self-hosting, start small. Experiment with a simple project, like hosting a personal blog or a file server, and gradually scale up as you gain confidence and expertise. The journey to self-hosting is a continuous learning experience, filled with both challenges and rewards.

· 3 min read
Daniel Gorbe

An open source append only database of known subdomains. The goals are to discover, store and serve subdomains as fast as possible in a hassle free way.

NOTE: This project is in early stage! It takes some time to be up-to-date.

The current speed of finding subdomains of tesla.com is ~0.311s with 604 unique entry.

$ time curl "https://columbus.elmasy.com/lookup/tesla.com"
...
real 0m0.311s
user 0m0.021s
sys 0m0.010s

Query

Website

A website is built into the binary to present the capabilities of Columbus. URL: https://columbus.elmasy.com/

CLI

Using our CLI tool:

$ columbus lookup elmasy.com
dev.elmasy.com
elmasy.com
one.scanner.elmasy.com
status.elmasy.com
autoconfig.elmasy.com
columbus.elmasy.com
three.scanner.elmasy.com
four.scanner.elmasy.com
autodiscover.elmasy.com
scan.elmasy.com
two.scanner.elmasy.com
gw.elmasy.com
www.elmasy.com
db.elmasy.com
api.elmasy.com
blog.elmasy.com

HTTP API

By default, the API returns a JSON array:

$ curl "https://columbus.elmasy.com/lookup/elmasy.com"
["dev","","one.scanner","status","autoconfig","columbus","three.scanner","four.scanner","autodiscover","scan","two.scanner","gw","www","db","api","blog"]

Set Accept header to text/plain to get a newline delimed string:

$ curl -H "Accept: text/plain" "https://columbus.elmasy.com/lookup/elmasy.com"
dev

one.scanner
status
autoconfig
columbus
three.scanner
four.scanner
autodiscover
scan
two.scanner
gw
www
db
api
blog

NOTE: The empty string (or line) represent the domain itself.

Sources

Certificate Transparency

Multiple Scanners are always running and inserting every found domain.

Logs:

  • Argon
  • Mammoth
  • Nessie
  • Nimbus
  • Oak
  • Sabre
  • Trustasia
  • Xenon
  • Yeti

The full list of logs can be found here.

DNS Servers

Using our DNS servers is the easiest way to contribute to the project. Every valid record will be inserted into the database.

List of servers (TCP + UDP):

  • 194.163.175.29:53
  • 178.18.241.104:53
  • 149.102.156.147:53
  • 149.102.156.148:53

Contributing is this simple:

amass enum -tr 194.163.175.29,178.18.241.104,149.102.156.147,149.102.156.148 -d example.com
subfinder -r 194.163.175.29,178.18.241.104,149.102.156.147,149.102.156.148 -d example.com

Or just:

dig @149.102.156.148 example.com

This external shell script collects commonly used, "popular" domains and run external tools on it using our DNS servers to ensure, that the most important domains are always up to date.

Integration

One of the main aspect was the ease of integration into other systems with the API or embedding the result into a website as the CORS setting allows it.