Overview
Explore the Phoenix Domain attack, a novel cybersecurity threat that enables adversaries to keep revoked malicious domains continuously resolvable at scale. Learn how this attack revives the previously mitigated Ghost Domain attack and affects all mainstream DNS software and public DNS resolvers. Discover the two variations of the Phoenix Domain attack and understand why it doesn't violate DNS specifications or best security practices. Delve into the systematic "reverse engineering" of cache operations across 8 DNS implementations, revealing new attack surfaces in domain name delegation processes. Gain insights from security researcher Xiang Li's 26-minute Black Hat conference presentation on this critical vulnerability in domain name delegation and revocation.
Syllabus
Phoenix Domain Attack: Vulnerable Links in Domain Name Delegation and Revocation
Taught by
Black Hat