Luke Humberdross

@[email protected]
7 Followers
76 Following
16 Posts
SecOps guy who’s obsessed with stuff like detection, threat hunting, threat intelligence, etc. Enjoys a good meme every once in a while.
Twitterhttps://twitter.com/x86_n64
Websitehttps://Iuke.humberdross.com
Luke HumberdrossMar 8, 2023

1 of the 3 nameservers for the ccTLD .dj is some OVH VPS box. It's a name that really sticks out compared to others in the root zone file. Looks like it hasn't been answering DNS queries for some time now, but it does have SSH exposed.

https://tldmon.dns-oarc.net/nagios/cgi-bin/status.cgi?navbarsearch=1&host=dj

Did Djibouti forget to pay their bill and now the owner of this IP is receiving one third of recursive resolvers' queries for .dj domains? Or did their DNS server just fall over?

Current Network Status

Luke HumberdrossFeb 9, 2023

An acknowledgement from Microsoft for my first security vulnerability report just went up at https://msrc.microsoft.com/update-guide/acknowledgement/. 🥳

tl;dr: You could inject `javascript:` URIs into a URL parameter for Teams Safe Links.

(Matrix code rain PoC included.)

Security Update Guide - Microsoft Security Response Center