OARC 40 & NANOG 87 Workshop

摘要

Public hosting services provide convenience for domain owners to build web applications with better scalability and security. However, if a domain name points to released service endpoints (e.g., nameservers allocated by a provider), adversaries can take over the domain by applying the same endpoints. Such a threat is called hosting-based domain takeover. There have been numerous domain takeover incidents in recent years that have had significant effects; even well-known websites like the subdomains of microsoft.com have been impacted. However, there is currently no effective detection system in place to identify these vulnerable domains on a large scale. In this paper, we present a novel framework, HostingChecker, for detecting domain takeovers. In comparison to previous works, HostingChecker expands the detection scope and improves the detection efficiency by: (i) systematically identifying vulnerable hosting services using a semi-automated method; and (ii) detecting vulnerable domains by passively reconstructing domain resolution chains. We evaluate the effectiveness of HostingChecker and eventually detect 10,351 subdomains from Tranco Top-1M apex domains vulnerable to domain takeover, which are over 8× more than previous findings. Specifically, HostingChecker enables us to detect the subdomains of Tranco sites on a daily basis. Furthermore, we conduct an in-depth security analysis on the affected vendors, like Amazon and Alibaba, and gain a suite of new insights, including flawed implementation of domain validation. We have responsibly reported issues to the security response centers of affected vendors, and some of them have adopted our mitigation.

日期
2月 16, 2023 — 2月 17, 2023
位置
Hybrid in-person and online workshop (Atlanta Marriott Marquis)
265 Peachtree Center Ave NE, Atlanta, 30303

OARC 40 & NANOG 87 Workshop(线上线下结合),我分享了明明最新的研究工作:域名接管。

现场反馈

talk

李想
李想
南开大学副教授

李想,南开大学副教授,南开大学CTF战队指导老师、ACM会员、CCF会员、中国通讯学会会员、顶会IMC 2025 PC、AsiaCCS 2025 PC。研究方向为网络与协议安全、Web安全、漏洞挖掘等,已发表论文18篇(含一作6篇:在网络安全四大顶会均有发表、通讯1篇、二作3篇),第一发明人授权专利1项及实质审查中5项(共11项),在Black Hat多次分享,获得200+CVE等漏洞编号,370+GitHub stars。研究获得多个政府及大学CERT安全公告、100+媒体报道,并被纳入RFC标准文档。其也获得了多项奖项荣誉,如2024年度ACM SIGSAC中国优博奖、2024年度黑客奥斯卡Pwnie提名奖、IPv6创新大赛一等奖、GeekCon国际安全极客大赛亚军及非凡黑客荣誉称号、王大中奖学金、博士研究生国家奖学金、清华优秀奖学金、优秀博士毕业生等。