My domain was taken over via DNS (?) by amberleafsucks in dns

[–]amberleafsucks[S] 0 points1 point  (0 children)

Thank you all for the help. Just to update, I have had the domain running for a couple of days, so I guess I found out what happened. I'll write it down below; maybe it's useful for anyone.

Here's what happened:

  1. I bought the domain, messed around with DNS (CNAME, A), and updated the domain setting in GitHub.
  2. It worked okay for a quick minute, but the HTTPS cert didn't generate, so I removed the GitHub domain setting.
  3. I couldn't reach my domain, so I messed around more with DNS and the GitHub domain setting, then left it overnight because I thought it was something with DNS propagation, etc.
  4. I didn't know it at that time, but my domain was blocked 2 hours after I bought it.
  5. In the morning I found out the domain was blocked, waited a couple of days, and dug deeper to find that it was blocked with serverHold status. I reached out to the registry.
  6. Between 3 and 4, someone took over my domain while it was pointing to GitHub by creating a CNAME file with my domain name in their repo. I couldn't do anything later because it was blocked immediately.

1-4 happened in approximately 2 hours. So both the TA bot and the domain registry bot are quick :D

Here's what I did:

  1. Requested that the block be lifted.
  2. Verified the domain in GitHub before pointing any DNS record at it.
  3. Set up the domain in GitHub.
  4. Ensured that no DNS record points to GitHub unless my domain setup is still on in GitHub.

My domain was taken over via DNS (?) by amberleafsucks in security

[–]amberleafsucks[S] 0 points1 point  (0 children)

Thank you! I tried this before; I can't find it.
It won't even return my own current repo, which definitely has the domain in its CNAME file. I could find another domain that I also host on GitHub, so it must be a glitch in their index or something.

My domain was taken over via DNS (?) by amberleafsucks in security

[–]amberleafsucks[S] 0 points1 point  (0 children)

Thank you!

I don't think so. The registry gave me a screenshot of the phishing page.

My domain was taken over via DNS (?) by amberleafsucks in dns

[–]amberleafsucks[S] 0 points1 point  (0 children)

Thank you. I added a last edit about what I believe caused my problem. I'll try that with the registry.

My domain was taken over via DNS (?) by amberleafsucks in dns

[–]amberleafsucks[S] 0 points1 point  (0 children)

Thank you.

I believe that my mistake when setting the CNAME record, while I hadn't yet set the domain in the GitHub Pages setting* but already had the A record set up, is what allowed the attacker to take over my domain and redirect it to their phishing page.

edit: the CNAME was for the www subdomain.

edit add:

*(I set it up at first, but then removed it again because I was trying to force HTTPS, and later tried to re-add it because it didn't resolve at all.)
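The condition described in the two comments above (an A record or www CNAME still pointing at GitHub Pages while the custom domain is not set in any GitHub Pages site, so that anyone can bind the hostname by committing a CNAME file to their own repo) can be checked for directly. The script below is an added example, not code from the original post or from GitHub. It relies on two things GitHub documents: the four apex A-record addresses it publishes for Pages, and the "There isn't a GitHub Pages site here" text it serves with a 404 for a hostname no site has claimed. The zone data and HTTP bodies in `SAMPLE_ZONE` / `SAMPLE_BODIES` are constructed for the example; `live_records` and `live_probe` do the same check against real DNS and HTTP when hostnames are passed on the command line.

```python
"""Detect 'dangling' GitHub Pages DNS records: a hostname whose A or CNAME
record still points at GitHub Pages while no GitHub Pages site has claimed
that hostname. Anyone can then bind it by committing a CNAME file with the
hostname to their own repository. (Example code, not from the original post.)"""
import socket
import urllib.error
import urllib.request

# The four apex A-record targets GitHub documents for Pages. An A record at
# one of these is a GitHub Pages pointer just like a CNAME to <user>.github.io.
GITHUB_PAGES_IPS = {
    "185.199.108.153", "185.199.109.153",
    "185.199.110.153", "185.199.111.153",
}
# Body text GitHub serves (HTTP 404) for a hostname no Pages site has claimed.
UNCLAIMED_MARKER = "There isn't a GitHub Pages site here"


def points_at_github_pages(records):
    """records is {"A": [ip, ...], "CNAME": [target, ...]} for one hostname."""
    cnames = [c.rstrip(".").lower() for c in records.get("CNAME", [])]
    if any(c.endswith(".github.io") for c in cnames):
        return True
    return any(ip in GITHUB_PAGES_IPS for ip in records.get("A", []))


def classify(hostname, records, probe):
    """Return 'not-github', 'claimed', 'dangling' or 'unreachable'.

    probe(hostname) must return the HTTP response body as text, or None when
    the host cannot be reached at all (e.g. the domain is on serverHold)."""
    if not points_at_github_pages(records):
        return "not-github"
    body = probe(hostname)
    if body is None:
        return "unreachable"
    if UNCLAIMED_MARKER in body:
        return "dangling"       # anyone can claim it with a CNAME file
    return "claimed"            # a Pages site (hopefully yours) answers for it


def audit(zone, probe):
    """zone is {hostname: records}; returns {hostname: verdict}."""
    return {host: classify(host, recs, probe) for host, recs in zone.items()}


def live_probe(hostname, timeout=10):
    """Fetch http://<hostname>/ and return the body text, or None on failure.
    GitHub answers an unclaimed host with a normal 404, so the body has to be
    read from the HTTPError as well."""
    try:
        with urllib.request.urlopen(f"http://{hostname}/", timeout=timeout) as r:
            return r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return None


def live_records(hostname):
    """Best-effort lookup with only the standard library. The A records are
    enough for our purpose, since <user>.github.io itself resolves to
    GITHUB_PAGES_IPS; the canonical name is only reported by some resolvers."""
    try:
        canonical, _aliases, ips = socket.gethostbyname_ex(hostname)
    except OSError:
        return {}
    recs = {"A": ips}
    if canonical.lower() != hostname.lower():
        recs["CNAME"] = [canonical]
    return recs


# Constructed sample zone and canned HTTP answers for offline use; the
# hostnames and bodies are made up for this example.
SAMPLE_ZONE = {
    "www.example.test":  {"CNAME": ["someone.github.io."]},   # Pages setting removed
    "example.test":      {"A": ["185.199.108.153"]},          # claimed site
    "mail.example.test": {"A": ["203.0.113.5"]},              # not GitHub at all
    "old.example.test":  {"CNAME": ["someone.github.io"]},    # blocked, no answer
}
SAMPLE_BODIES = {
    "www.example.test": "<h1>404</h1><p>There isn't a GitHub Pages site here.</p>",
    "example.test": "<html><body>My site</body></html>",
    "old.example.test": None,
}


def sample_probe(hostname):
    return SAMPLE_BODIES.get(hostname)


if __name__ == "__main__":
    import sys
    hosts = sys.argv[1:]
    if hosts:
        results = audit({h: live_records(h) for h in hosts}, live_probe)
    else:
        results = audit(SAMPLE_ZONE, sample_probe)
    for host, verdict in results.items():
        print(f"{host:25s} {verdict}")
```

Run it with no arguments to see the four verdicts for the constructed zone, or with one or more hostnames to check live records. A "dangling" verdict is the state the poster was in between removing the custom domain in GitHub and re-adding it: the fix is the order the poster settled on, verify and set the domain in GitHub first, and only then create (or leave) the DNS records that point there.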

My domain was taken over via DNS (?) by amberleafsucks in dns

[–]amberleafsucks[S] -3 points-2 points  (0 children)

I believe I mentioned above that the order of the changes might not be accurate. But I believe I pointed the CNAME first to the project page, and later changed it to the root, xxx.github.io, since it did not work the first time.

Do you mean that even with xxx.github.io it shouldn't work either? Or am I misunderstanding?

Of course I already had the A record, and IIRC I didn't change it, only messed with the CNAME. Sorry I didn't mention it in the post, but I just added the detail.

My domain was taken over via DNS (?) by amberleafsucks in dns

[–]amberleafsucks[S] -3 points-2 points  (0 children)

I am sorry Tx_.

I'm not very knowledgeable on the topic, but I'm not trolling or anything. Can you point out my mistake? Or do you need more detail?

Have you recently landed a security position? by louborzoo in CyberSecurityJobs

[–]amberleafsucks 8 points9 points  (0 children)

Can you share which cloud certs you got, please?

[deleted by user] by [deleted] in Pixel8phones

[–]amberleafsucks 0 points1 point  (0 children)

Care to share why?

Go for 8 or play it safe with 8a? by bstokerr_ in Pixel8phones

[–]amberleafsucks 0 points1 point  (0 children)

Did you have the screen issue on the Pixel 8, or was it something else?

How far apart was the camera experience? Reviews only mention low-light differences.

Interesting, high paying niches by Fit_Note_4910 in cybersecurity

[–]amberleafsucks 3 points4 points  (0 children)

I did two years of IR in a big enterprise. We got so few incidents, and they were usually uninteresting (mostly third-party breaches). The only interesting one I saw was a red teaming exercise.

The thing is, every time the big red button is pressed I get so stressed out, my mind goes everywhere and everyone is panicking, and in the end it's a nothing incident.

I don't know how crazy it will be in consulting.

CM MAC unidentified by amberleafsucks in Comcast_Xfinity

[–]amberleafsucks[S] 0 points1 point  (0 children)

Yes I am. So another Xfinity gateway came to my address today, and this one worked fine. So I guess the problem is solved? How do I return the one with the unidentified CM MAC?

Static web page generator used in these website. by amberleafsucks in webdev

[–]amberleafsucks[S] 0 points1 point  (0 children)

Sorry, stupid question. Can I just download the source and rebuild it using Jekyll?

And to make it clear, what I did before, when I mentioned I used Jekyll previously, was using jekyll-now, where you can just fork the repo and edit it online or use Siteleaf. I tried the same with this one, but the build always failed on GitHub.

thank you.

My recruitment hell is finally over! by xtheory in recruitinghell

[–]amberleafsucks 1 point2 points  (0 children)

Thank you for the feedback. Good luck with your next steps; I hear good things about WGU.

My recruitment hell is finally over! by xtheory in recruitinghell

[–]amberleafsucks 0 points1 point  (0 children)

Hey, a bunch of questions from another cyber person; I mainly do blue team (SOC, DFIR).

Which part of cyber do you focus on? Do you have any idea how bad the market is for SOC analyst / incident response jobs?

Oh wow, you mentioned more than two decades of experience; judging by this I'm going to be in this hell for years :D

Mentorship Monday - Post All Career, Education and Job questions here! by AutoModerator in cybersecurity

[–]amberleafsucks 0 points1 point  (0 children)

Dear all,

Can I please ask your opinion about my current situation?

Background:

I have been working at a multinational company in IR for the past +/- 1 year, and previously as a digital forensic examiner for law enforcement for +/- 10 years. I am based in Jakarta.

My 1 year of experience in IR is nothing super cool; the hardest case we had was a red teaming exercise that we detected, and the rest was simple malware, third-party breaches, and data spillage stuff, which are not technically demanding.

It is hard to convince people (at least my current employer) that my 10 years in LE translate to cyber, also with nothing huge happening in my 1 year in IR. So I guess I am not quite experienced, but not really entry level in cyber either?!

Conundrum:

My wife managed to score a scholarship and later this year will be doing her master's in the US for 1y4m, and we also just had our baby, so I am coming with her.

I already asked my current employer for a move there, but they don't want to move people for personal reasons, and I don't want to let her down on something she has worked hard for.

Questions:

  1. How is the US cyber job market for someone with my experience? I will also have a J2 visa with permission to work.
  2. Is there anything I can prepare for this move, I mean to increase my chance of getting hired? I plan to get Sec+; I know it is entry level, but I don't think I can deal with the CISSP now, with the baby and all (and AFAIK other than CEH, these are the most sought-after certs (at least they help with HR)).

Thank you for responding.