Explore DNS Rebinding attacks and their resurgence in cybersecurity through this 41-minute NorthSec conference talk. Delve into the reasons behind the renewed interest in these attacks, including high-profile disclosures by Tavis Ormandy. Learn about the potential vulnerabilities in consumer software that treat localhost as secure. Discover a set of tools designed to streamline and scale DNS Rebinding attacks, and understand how these can be utilized for network reconnaissance from within a browser. Examine the concept of an opt-in "localhost census" page that employs DNS rebinding to identify HTTP-listening localhost services on visitors' computers, contributing to a comprehensive database of results.
Overview
Syllabus
Danny Cooper & Allan Wirth - Homeward Bound: Scanning Private IP Space with DNS Rebinding
Taught by
NorthSec