🔍 A platform automatically monitoring your infrastructure ⭐ No installation, no internal access, no setup 🕵️ We always know all your assets - same as hackers
Only 2 DNS providers control 33% of all apex domains.
This gives us an idea about the scale when one of the big tech players has a global outage.
Do you know all the DNS providers you or your company uses?
@chmelarp This action will in most companies go unnoticed even though the consequences can be brutal, ranging from unauthorized access to critical services, email spoofing, domain takeover, etc. That's why we believe monitoring of DNS is also critical.
Would you know if a malicious actor added a new TXT record to your DNS? This silent move could compromise your organisation.
At Recon Wave, we track all infrastructure changes, including DNS!
Contact us for a free trial—no setup needed, we already have all the data!
@chmelarp True, they for sure can do more devastating actions.
However, it depends on the attacker's goal. If the goal is for example to stay hidden and hijack the domain in a 3rd party service, then adding a TXT record is usually enough.
1/2
Do you know about a quite old (yet still sometimes working) technique to enumerate DNS zones using NSEC records?
I don't blame you, let me show you, it's fun 🧵
Open DNS zone transfers are a 90s thing, right? Well, our experiment shows that a shocking 8% of all global nameservers still have zone transfers publicly open, letting anyone dump entire zone records.
1/4 🧵
Our team has recently discovered a scary number of RSA private keys publicly stored in DNS TXT records.
To our surprise, there is a special case where it actually makes sense! 🤯
Find out more in our latest blogpost!
https://t.co/oMyv3TXDFv
We're excited to announce the launch of Recon Wave Search!
More than 10 billion DNS records unlocked for security researchers, pen-testers and defenders. 🎉
One of the biggest reverse DNS databases at your fingertips! See part of your OSINT fingerprint!
#ridereconwave
My first thought was "Wow malware is scraping images". Then I opened iPhoto and typed a few words that appeared in photos. Like "Stream Deck" pulled up a picture of my desk.
My guess is malware is just reading from the OS's photo index database and not doing any scraping at all. Which makes this more scary as if you are someone that takes a picture of your Ledger recovery phrase (or passwords), then it could be stolen in a couple of seconds if anyone ever has your phone.
All it takes is handing your phone to someone to take a picture, them opening the photo app, and searching "Recovery Phrase" to pull up the ledger sheet. No fancy malware needed.
I think it's important to emphasize how low-tech this hack can be as people think they are too small for sophisticated malware.
Online, hands-on, practical, and free!
CTU's "Introduction to Security" Class opens online for free! Join us and register for free. Starting on Sep 26th. #cybersec #infosec #blueteam #redteam
https://t.co/Cnk6p1AmJl
Has anyone worked out why Amazon has been issuing SSL certs for dyingbirds[.]com every second?
b7b7a13b51f467788d5d0f1b8e98f781713557967877[.]amdv[.]dyingbirds[.]com
san[.]b7b7a13b51f467788d5d0f1b8e98f781713557967877[.]amdv[.]dyingbirds[.]com
Have you also not heard about DNS zone enumeration using NSEC records before?
Check out our latest blogpost about this publicly less known but still relevant technique 🔍🔒
https://t.co/PGYn58D4iS
#dns #recon #enumeration
Web programmers seem to have no idea just how fast computers have become. The vast majority of all SaaS apps ever made could easily run on a single, beefy beast. Main reason to add multiple machines is for redundancy, and even that is something you can put off for ages.