IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [domain]

110 questions
1
vote
1 answer

Custom email domain with a third-party provider: security holes to watch out for?

If I'm switching to user@example.com emails and using a third-party email service provider that I trust (for example, Google Apps), what potential security threats do I need to secure my system against? Note that I am not referring to security…
user541686
  • 2,502
  • 2
  • 21
  • 28
1
vote
0 answers

WordPress site sends email from strange domains

I had a WordPress site with a security plugin configured to send me periodical database backups via email. This morning I noticed that I was receiving these emails as coming from two strange domains I don't own nor recognize (the addresses were of a…
Lordanti
  • 43
  • 3
1
vote
1 answer

Become domain admin by controlling an OU in Active Directory?

Some tools that draw links between objects in a Active Directory architecture, show that if we have an user who is administrator of an OU on which a domain administrator is also present, so he can take control of the domain. Is that true? How is it…
Duke Nukem
  • 687
  • 3
  • 9
  • 20
1
vote
1 answer

What can I do about a malicious site with a similar domain name?

I recently purchased a domain name (lets pretend it was generic.co), I checked to see what site was hosted on the domain close to mine (generic.com). The site loads a fake blue screen of death and has a JavaScript modal that can't be…
thisischuck
  • 113
  • 3
0
votes
3 answers

Is it possible to get Network Domain from Client with PHP or Apache?

I'm working on a solution to identify client Network Domain or Workgroup in a private network. Based on it, I must change some access permissions. I can't do that through IP address because it isn't trustable, only network domain/ workgroup. For…
LeonanCarvalho
  • 204
  • 3
  • 13
0
votes
2 answers

DomainFronting - re-routing and SSL certificats

I'm looking for a specific answer regarding the TLS handshake in a scenario of domain-fronting. Following hensonsecurity and zscaler blogs I have noticed that a detailed description regarding the re-direct / routing scheme is missing when the CDN…
user281868
  • 1
0
votes
1 answer

Does alias in a truststore matter?

I was trying to add a new certificate to our truststore. But I got the alias already exists error. I can't remove the old certificate yet, but I have to add the new certificate. Will it matter if I imported the renewed certificate on a different…
ssl_noob
  • 1
0
votes
1 answer

How to get my exploit script served on arbitrary subdomain?

Sometimes when checking whether requests are cross-origin, applications check whether the origin contains the whitelisted domain. This makes it possible to bypass the white-listing by including the whitelisted value in the subdomain. E.g.…
Sjoerd
  • 28,707
  • 12
  • 74
  • 102
0
votes
1 answer

Can I escalate a main domain SSTI/RCE to all the subdomains belonging to that domain?

I'm a newbie ethical hacker and bug bounty hunter. Lets, assume my target is somethingtohack.com, the thing is the company's scope defines that the main domain is out of scope, but subdomains like subdomain.somethingtohack.com are in scope, and…
Offensive Bug Hunter
  • 3
  • 1
0
votes
0 answers

What are security risks of a domain user accounts with denied interactive logon?

When I create domain user account with denied interactive logon, what are real security risks when hacker gets the password? http://paulasitblog.blogspot.com/2017/01/deny-interactive-logon-for-service.html Computer Configuration / Windows Settings…
Vojtěch Dohnal
  • 91
  • 5
0
votes
3 answers

Should I have another domain name for my company internal tools

My company has a domain name that we use to serve our customers, say company.com for the main website, app.company.com for the web application and api.company.com. These are all public domains that our customers connect to use our services. Besides…
drpexe
  • 775
  • 1
  • 5
  • 12
0
votes
1 answer

Should I use my own domain in my proton mail?

Using my own domain on Proton Mail is cool, but what if someone hack my namecheap account? What if some government orders that my domain is redirected? Should I use @protonmail instead of @mydomain? What are the implications?
Guerlando OCs
  • 405
  • 4
  • 14
0
votes
1 answer

Realistic for organizations to avoid links in emails pointing to less known sites?

Over the years, I found myself constantly pointing out to organizations that emails containing links with 3rd party domain names that are relatively unknown are problematic. That's how social engineering occurs. For example, surveymonkey is…
user2153235
  • 105
  • 6
0
votes
0 answers

Non-malicious root causes for multiple failed logon in windows domain

While monitoring SIEM alerts, I saw that there was more than 200 failed logon for a user to several hosts in the domain. Obviously, it was triggered as a brute-force attempt. Assuming it was not an attack. What are the non-malicious root causes that…
Onyx
  • 21
  • 1
0
votes
1 answer

a single ip adress host multiple domain at the same time, how do i scan it using nmap or other tools?

lets say an ip adress 111.111.111.111 host multiple domain, (example.com , exampleid.com , admin.example.com, etc.) and i wanted to scan it port, how do i scan a spesific domain (headers key: Host value : example.com)?
bang_jagoet
  • 3
  • 2
1 2 3 4
5
6 7 8