Backdooring Your Backdoors - Another $20 Domain, More Governments

Submitted by Style Pass, 2025-01-08 12:00:03

After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/SSL certificates for any .MOBI domain.

This resulted in significant Internet-wide change, with Google petitioning the CAB Forum to wholly sunset the use of WHOIS for ownership validation when issuing CA-signed TLS/SSL certificates.

As always, idle hands, idle minds - it was never going to be long until our ill-advised sense of adventure struck again, and at this point, the only thing holding us back is our publishing schedule.

This time it struck in the same vein of expired and abandoned infrastructure - but with a little twist. Today, we’re taking you through our adventures in what we’ve affectionately termed mass-hacking-on-autopilot.

Imagine you want to gain access to thousands of systems, but don’t feel like investing the effort to identify and compromise systems yourself - or getting your hands dirty. 
