Nagli on X: “Critical vulnerabilities don't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data.”
2025-1-30 13:15:22 Author: x.com (view original)

Critical vulnerabilities don't have to be complex or have a CVE - @deepseek_ai publicly exposed their internal ClickHouse database to the world, without any authentication at all, and leaked sensitive data.

No one is safe from security mistakes; follow along to learn more 🧵


When facing the task of discovering vulnerabilities in a specific company, the first step is to identify the externally facing attack surface, and later to exploit potential vulnerabilities - in this case, the two steps were combined into one.

It all starts with DNS Discovery!

Taking our target root domain (for Bug Bounty / Responsible Disclosure), such as deepseek[.]com, we want to feed it into DNS Discovery tools; these divide into two main workflows - Passive & Active.

In the passive sense, we want to query public DNS datasets all over the internet

Okay - so now we have a list of subdomains that are configured with some sort of DNS record and belong to our target.

We want to narrow down the scope now to everything that is externally facing and actively exposes some sort of service (could be an HTTP server or a network component


In the meantime, while I started looking at all the assets we had already discovered, I had another tool running in the background - , what that tool does is simply check whether there are any immediate HTTP and network-based misconfigurations on the servers we discovered.

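The misconfiguration behind this thread is a ClickHouse server that answers queries without any credentials. As an added example (not from the thread and not DeepSeek's or ClickHouse's own code), the Python below audits a ClickHouse `users.xml` for the two user-level settings that together allow that: a user with no password and a `<networks>` allow-list covering every address. Both configs are constructed samples and the SHA-256 value is a placeholder, not a real credential.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling ClickHouse's shipped default users.xml:
# the "default" user has an empty password and may connect from anywhere.
WEAK_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password></password>
      <networks><ip>::/0</ip></networks>
      <profile>default</profile>
    </default>
  </users>
</clickhouse>"""

# Constructed sample of the same user locked down: hashed password and
# loopback-only access (the hash is a PLACEHOLDER, not a real credential).
HARDENED_USERS_XML = """<clickhouse>
  <users>
    <default>
      <password_sha256_hex>PLACEHOLDER_SHA256_HEX</password_sha256_hex>
      <networks><ip>127.0.0.1</ip><ip>::1</ip></networks>
      <profile>default</profile>
    </default>
  </users>
</clickhouse>"""

ANY_NETWORK = {"::/0", "0.0.0.0/0"}
CREDENTIAL_TAGS = ("password", "password_sha256_hex", "password_double_sha1_hex")


def audit_users_xml(xml_text):
    """Return one finding per user whose settings would permit anonymous access:
    no non-empty credential, or an allow-list that covers every address."""
    findings = []
    users = ET.fromstring(xml_text).find("users")
    if users is None:
        return findings
    for user in users:  # each child of <users> is one user definition
        has_credential = any(
            (user.findtext(tag) or "").strip() for tag in CREDENTIAL_TAGS
        )
        if user.find("no_password") is not None:
            has_credential = False
        nets = [ip.text.strip() for ip in user.findall("networks/ip") if ip.text]
        # Auditor's conservative choice: a missing <networks> is treated as open.
        open_net = not nets or any(n in ANY_NETWORK for n in nets)
        if not has_credential:
            findings.append(f"{user.tag}: no password set")
        if open_net:
            findings.append(f"{user.tag}: allowed from any network")
    return findings
```

This covers only the user-level side; a server is reachable from the outside only when `listen_host` in config.xml is also bound to a non-loopback address, so review both files together.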


Source: https://x.com/galnagli/status/1884720268150468825