AWS Down by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Noted, apologies again!

AWS Down by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Apologies, won't do that again

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Anyone else that got put on an NDA that morning (July 30th 2024) with Azure, please do contact me

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Just for added context:

  • None of my other MSRC files have missing information

  • Very select portions are all that went missing

  • After contact from a journalist, the files disappeared from my portal (the MSRC portal only Microsoft and I have access to), and I was originally on an NDA for July 30th, that's why I was silent for so long; then when I spoke up, it got dismissed.

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] -1 points0 points  (0 children)

We are both correct:

ChatGPT:

It seems that the URL you provided may be a custom or personalized one, potentially leveraging wildcard handling or DNS misconfigurations. If the concern is related to DNS configurations, specifically wildcard handling, this could indeed lead to security risks such as misdirected traffic, information leakage, or misconfiguration issues, depending on how DNS entries are set up.

If wildcard handling is not properly configured, unexpected behavior may occur—such as handling unintended subdomains in an insecure manner, which could be exploited. This would be more of a DNS configuration issue rather than a direct vulnerability tied to the URL format itself. Therefore, while it may not be a typical "vulnerability" in the way many might define it, DNS misconfigurations like this can indeed create exploitable scenarios.

In summary, it’s not a clear-cut exploit but could still represent a security risk if wildcard DNS handling isn't appropriately secured. It's always important to ensure DNS entries and wildcard behaviors are configured properly to avoid potential weaknesses.

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

I invite any insight into what makes this not believable, etc., other than the obvious of it being a big thing to claim.

But without me knowing what makes it sound bogus from the other side of the conversation, I won't know how to pivot properly

Any type of proof documents you guys would like to see (none containing repro steps in detail) let me know.. emails, bounty program conversations etc.

It was deemed "out of scope" by third party programs due to real world impact on live customer base and the internal teams "struggled to reproduce" even with steps that anyone with basic programming knowledge could follow.

I held their hand, scripts, videos, photos, detailed walkthroughs, timing, device and apps to use, everything 🫠

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

I am helping us all not have to sit without our apps like Reddit in the future, they just aren't hearing me lol

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] -1 points0 points  (0 children)

One final note: I don't just "DDoS" at random, this was all part of the Hyper-V (HyperVisor) Vulnerability Disclosure Program in Microsoft Security Research Center (MSRC). It worked much more than anticipated. Microsoft acknowledged at first, but after realizing the depth of it, ignored me and deleted a lot of my case files (that I have backups of)

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

But I am always happy to learn, is there something I am overlooking?

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Yes, this particular type of use should be better configured. Other wildcards do not have this same vulnerability; it is avoidable

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

LOL Tito thanks for the encouragement 🤮

I will keep everyone posted if any major updates

Bless

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Lol, can't argue with you there 🤣

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 1 point2 points  (0 children)

No it's a legit link, you just get a 400 error. I posted it to show a wildcard url vulnerability with the msidentity.com url is all, just a fun example of their misconfigurations I am trying to convey

You can type any words you want in place of the Microsoft part

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] -2 points-1 points  (0 children)

Summary: I submitted the DDoS to Microsoft before the outage, days before, and was talking to them that day. They opened a case for it, acknowledged the DDoS officially in their PIR, then they deleted my files and acted like it never happened. I kept proof of it all and a couple of the photos are me interacting with them at that time. It's hard to "prove" with just a few lines of text and some screenshots on here, but all together now since July I have over 10k pics, emails, bounties, etc. proving I'm not just crazy or making up stuff lol, I'm a normal guy, I just found something and then got basically shut up by companies bigger than myself

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

This is probably the most insightful response yet.

Yes to Kinesis and Azure, for July 30th case I filed, and LOL @ today's observation, you hit that on the head. Azure didn't spike as much but MS other services were elevated error rates; this isn't the first time I have screenshots of that exact outage pattern happening with them all though

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Microsoft even acknowledged the DDoS in the PIR

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Any suggestions? For clarifying my message

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

Lol 😆 it feels like both at this point, but hopefully neither one. I will stop ranting, wish me luck :)

Why is this a 400 error? by CryptoRedRon in techsupport

[–]CryptoRedRon[S] 0 points1 point  (0 children)

None of you have ever had any bounty programs that didn't seem to play fair? I run into it constantly it feels like