State of DNS Rebinding - Attack & Prevention Techniques and the Singularity of Origin

BSidesLV 2019

Presented by: Gerald Doussot, Roger Meyer
Date: Wednesday August 07, 2019
Time: 18:00 - 18:55
Location: Breaking Ground

Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention mechanisms, interactively browse the victim’s internal network, and automate the whole process during your next red team exercise?

This talk will teach you how and give you an easy-to-use tool to do it.

First, we will cover in detail the subtleties that make DNS rebinding attacks more effective in practice, including techniques and operational conditions that make it faster and more reliable. We’ll also explain how to bypass commonly recommended security controls, dispelling attack and defense misconceptions that have been disseminated in blogs and social media posts.

This talk will include a number of demos using Singularity, our open source DNS rebinding attack framework that includes all the parts you need to get started pwning today, including:

– Remote code execution and exfiltration payloads for common dev tools and software

– Practical scanning and automation techniques to maximize the chance of controlling targeted services

We’ll also show an interesting post-exploitation technique that allows browsing a victim browser’s network environment without the use of HTTP proxies.

Gerald Doussot

Gerald Doussot is a Principal Security Consultant at NCC Group, with over 20 years of experience in information technology. Gerald has undertaken defensive and offensive security roles, including the design, implementation and management of security solutions and services, software development, integration and security testing. Gerald has worked with organizations of all sizes in the public & private sectors and in domains such as safety, defense, commerce, health, finance, IT and telecommunications.

Roger Meyer

Roger Meyer is a Principal Security Engineer at NCC Group with extensive experience in managing and leading complex engagements. Roger specializes in web application security, network penetration testing, configuration reviews, and secure software development and architecture design. Roger has conducted over a hundred security audits, penetration tests, source code reviews, and architecture reviews over the last 6 years at NCC Group.

