Cloud

The Cloud is vast, and there are many vulnerabilities. Let us explore them!

CloudFront Domain Hijacks under Attack

Update: To my attention in April, it appears that Mindpoint may have been behind the automated assigning of the hijackable instances. See https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/ This is great, but CloudFront’s engineers definitely missed a whole lot, so I’m not sure if they actually see »

Alibaba CDN Domain Fronting

Author: @vysecurity It’s been a while since Domain Fronting has been out, we’ve been discussing the idea of using various CDNs such as Azure, Google App Engine, and Amazon CloudFront for domain fronting. That’s all become a reality now, as attackers move to better command and control »