SlideShare a Scribd company logo

0x20 hack

Download as PPTX, PDF
A
antitree

The document discusses DNS vulnerabilities, particularly focusing on Dan Kaminsky's discovery of DNS cache poisoning and its implications. It describes several mitigation strategies, such as DNSSEC, randomizing name servers, and the 0x20 hack, while highlighting the anxiety surrounding these vulnerabilities and their solutions. Despite indicating potential fixes, it suggests widespread neglect and pessimism towards addressing these threats.

Technology
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
0x20 hack
 DNS vulnerabilities are teh shitz  The Dan Kaminskys find a way to do dns cache poisoning… on the Internet  Everyone freaks out  He gives some solutions like DNSSEC  Everyone goes… yeah right. See you in 2013  People freak out again
 Inject a fake DNS result into a caching DNS server  Clients requesting that hostname will be given the malicious response  Works for as long as TTL is set  Example: › Vulnerability in BIND exploited › Injects a cached response for www.google.com › Grandma goes to www.google.com, and is redirected
0x20 hack
 DNSSEC (we’re getting there)  Patch your DNS server (yes of course, but not an actual solution)  Disable caching (not realistic in most cases)  Randomize Name Servers (helps limit the affect of a poison)  Prepending a nonce to queries (balls930282- fwq.www.rochester2600.com - effective but “omg what’s a nonce”)  Removing duplicate queries (mitigate birthday attack)  0x20 Hack
0x20 hack
0x20 hack
 Refers to the simplest hack to modify the case of a DNS requests  0x20 bit manipulation is lower CPU cost compared to for example Python to change the case of a string  Turns out every DNS server ever can handle this hack  Requests need to generate a random bitmask  Only works if the DNS server does not pay attention to case  No entropy for TLR or number domains but helps most hostnames
www.rochester2600.com WWW.ROCHESTER2600.COM wWw.rOChesTer2600.CoM wWW.ROCheSTeR2600.com WWW.roCHEsTeR2600.COM 000 0000000000000 000 111 1111111111111 111 010 0110001000000 101 011 1110011010011 000 111 0011101010000 111
 Attackers must brute force all possible combinations of upper and lower to successfully poison your cache
 I didn’t know about this and love it’s simplicity  Hipster Tor
 A and a are 0x20 apart  The 0x20 hack  No one uses this anymore…history lesson  Nothing. You’re not even looking at the screen right now.
0x20 hack

More Related Content

DOC
Tên hàm
huynhthanhson
 
DOCX
Block buster
Camilo Montes
 
PPTX
Image based automation
antitree
 
PPTX
How [not] to throw a b sides
antitree
 
PPTX
28c3 in 15
antitree
 
PPTX
Salander v bond 2600
antitree
 
PDF
Just Mouse Jack Init
antitree
 
PPTX
Docker Security
antitree
 
Tên hàm
huynhthanhson
 
Block buster
Camilo Montes
 
Image based automation
antitree
 
How [not] to throw a b sides
antitree
 
28c3 in 15
antitree
 
Salander v bond 2600
antitree
 
Just Mouse Jack Init
antitree
 
Docker Security
antitree
 

Viewers also liked (7)

PPTX
Reinventing anon email
antitree
 
PPTX
Nsa and vpn
antitree
 
PPTX
Laverna vs etherpad
antitree
 
PPTX
Meek and domain fronting public
antitree
 
ODP
State of wifi_2016
antitree
 
PDF
Android Hacking
antitree
 
ODP
Introduction to ethereum_public
antitree
 
Reinventing anon email
antitree
 
Nsa and vpn
antitree
 
Laverna vs etherpad
antitree
 
Meek and domain fronting public
antitree
 
State of wifi_2016
antitree
 
Android Hacking
antitree
 
Introduction to ethereum_public
antitree
 

Similar to 0x20 hack (20)

PDF
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
Chika Yoshimura
 
PDF
DNS DDoS Attack and Risk
Sukbum Hong
 
PDF
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
Felipe Prado
 
PDF
Hands-on DNSSEC Deployment
Bangladesh Network Operators Group
 
PDF
Build Dynamic DNS server from scratch in C (Part1)
Yen-Kuan Wu
 
PPTX
Dns
hoangdinhhanh88
 
PPTX
DNS.pptx
EidTahir
 
PDF
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
FindWhitePapers
 
PPTX
HKNOG 5.0 - NSEC caching
APNIC
 
PPT
ISP Network Analyzing Tactics
shamim316
 
PDF
The Internet Is a Series of Tubes
John Hobbs
 
PDF
DNS Attacks
Himanshu Prabhakar
 
PPT
Bo2004
Dan Kaminsky
 
PPTX
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Dan Kaminsky
 
PDF
Minieri CS6262 Project Poster
Joe Minieri
 
DOCX
DNS spoofing/poisoning Attack Report (Word Document)
Fatima Qayyum
 
PDF
Day 2 Dns Cert 4a Cache Poisoning
vngundi
 
PPTX
THOTCON - The War over your DNS Queries
John Bambenek
 
PPTX
ION Bucharest - Deploying DNSSEC
Deploy360 Programme (Internet Society)
 
PDF
dns-sec-4-slides
kj teoh
 
NANOG32 - DNS Anomalies and Their Impacts on DNS Cache Servers
Chika Yoshimura
 
DNS DDoS Attack and Risk
Sukbum Hong
 
DEF CON 27 - GERALD DOUSSOT AND ROGER MEYER - state of dns rebinding attack ...
Felipe Prado
 
Hands-on DNSSEC Deployment
Bangladesh Network Operators Group
 
Build Dynamic DNS server from scratch in C (Part1)
Yen-Kuan Wu
 
Dns
hoangdinhhanh88
 
DNS.pptx
EidTahir
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
FindWhitePapers
 
HKNOG 5.0 - NSEC caching
APNIC
 
ISP Network Analyzing Tactics
shamim316
 
The Internet Is a Series of Tubes
John Hobbs
 
DNS Attacks
Himanshu Prabhakar
 
Bo2004
Dan Kaminsky
 
Phreebird Suite 1.0: Introducing the Domain Key Infrastructure
Dan Kaminsky
 
Minieri CS6262 Project Poster
Joe Minieri
 
DNS spoofing/poisoning Attack Report (Word Document)
Fatima Qayyum
 
Day 2 Dns Cert 4a Cache Poisoning
vngundi
 
THOTCON - The War over your DNS Queries
John Bambenek
 
ION Bucharest - Deploying DNSSEC
Deploy360 Programme (Internet Society)
 
dns-sec-4-slides
kj teoh
 

More from antitree (12)

ODP
Hardening ssh configurations
antitree
 
PPTX
Salander v bond b sides detroit final v3
antitree
 
PPTX
Pentesting embedded
antitree
 
PPTX
Tor
antitree
 
PPTX
Corporate Intelligence: Bridging the security and intelligence community
antitree
 
PPTX
Lock picking barcamp
antitree
 
PPTX
Lock picking 2600
antitree
 
PPTX
Anti tree firesheep
antitree
 
PPTX
Hackerspaces
antitree
 
PDF
Intro to IPv6 by Ben Woodruff
antitree
 
PPTX
Anonymity Systems: Tor
antitree
 
PPTX
Dll hijacking
antitree
 
Hardening ssh configurations
antitree
 
Salander v bond b sides detroit final v3
antitree
 
Pentesting embedded
antitree
 
Tor
antitree
 
Corporate Intelligence: Bridging the security and intelligence community
antitree
 
Lock picking barcamp
antitree
 
Lock picking 2600
antitree
 
Anti tree firesheep
antitree
 
Hackerspaces
antitree
 
Intro to IPv6 by Ben Woodruff
antitree
 
Anonymity Systems: Tor
antitree
 
Dll hijacking
antitree
 

Recently uploaded (20)

PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Encapsulation theory and applications.pdf
gurumoop
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
A Presentation on Artificial Intelligence
memembruh336
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Teaching material agriculture food technology
LiaRayya
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 

0x20 hack

  • 2.  DNS vulnerabilities are teh shitz  The Dan Kaminskys find a way to do dns cache poisoning… on the Internet  Everyone freaks out  He gives some solutions like DNSSEC  Everyone goes… yeah right. See you in 2013  People freak out again
  • 3.  Inject a fake DNS result into a caching DNS server  Clients requesting that hostname will be given the malicious response  Works for as long as TTL is set  Example: › Vulnerability in BIND exploited › Injects a cached response for www.google.com › Grandma goes to www.google.com, and is redirected
  • 5.  DNSSEC (we’re getting there)  Patch your DNS server (yes of course, but not an actual solution)  Disable caching (not realistic in most cases)  Randomize Name Servers (helps limit the affect of a poison)  Prepending a nonce to queries (balls930282- fwq.www.rochester2600.com - effective but “omg what’s a nonce”)  Removing duplicate queries (mitigate birthday attack)  0x20 Hack
  • 8.  Refers to the simplest hack to modify the case of a DNS requests  0x20 bit manipulation is lower CPU cost compared to for example Python to change the case of a string  Turns out every DNS server ever can handle this hack  Requests need to generate a random bitmask  Only works if the DNS server does not pay attention to case  No entropy for TLR or number domains but helps most hostnames
  • 10.  Attackers must brute force all possible combinations of upper and lower to successfully poison your cache
  • 11.  I didn’t know about this and love it’s simplicity  Hipster Tor
  • 12.  A and a are 0x20 apart  The 0x20 hack  No one uses this anymore…history lesson  Nothing. You’re not even looking at the screen right now.