In almost every industry, visibility is important. How can you give somebody a great experience if they can’t find you, right?
Well, I want to talk to you about some not so great forms of visibility, mainly all that DNS data that’s floating around the internet, pointing potential hackers to all the possible entry points they can use to get in.
There are a lot of ways for hackers to do open-source intelligence gathering (OSINT). We’re talking internet registers.
Even search engines can give some juicy details that you didn’t know were out there. But because of the sheer volume of intel available to someone who means you or your clients harm, and the number of plug-and-play tools that are cropping up on the dark web, I’ve decided to focus on names, and how they’re dangerous things.
In folklore, you’re never supposed to give a fairy your “true name.”
That’s because you don’t know what they’ll do with it, and the average person wouldn’t know what they could do with it. There are a surprising number of parallels with domains. Basically, locations on the web have domain names, but honestly, those are just nicknames so we can remember them. The IP address is where the action really is, and just like with fairies, you want to be careful who gets control of these. When someone is doing OSINT on one of your clients, domain name servers are appetizing because they help hackers geolocate targets and associate domains with IP addresses.
Remember those tools I mentioned earlier? Yeah, with those, a novice can use zone transfers to get whole DNS databases, harvest a war chest of publicly available information, and use brute force to take millions of guesses at which domains already exist. All of this makes up a DNS dumpster dive.
Now, you might be wondering why you should care about this.
After all, this info is all available to everyone. Surely, it can’t be that dangerous, can it? It gives a pretty clear picture of the digital landscape of companies. Imagine doing a bank job without a map of the interior. This is the exact same thing.
Unlike in those myths, there’s not a lot you can do to keep the bad guys from learning your client’s “true names,” but you can do your own white hat OSINT to make sure you find the cracks in their foundation before something bad happens. What else can you do? Keeping your clients up-to-date with a third-party analysis is a good place to start.
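One way to start that white hat review is to sort a client's own zone export into the names a wordlist guess would find, the names only a full dump would reveal, and the records that point at internal addresses. This is an added example, not code from the original post; the zone data, the short wordlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: records as a zone export (or a permitted zone
# transfer) would list them. Names and addresses are made up.
SAMPLE_ZONE = """\
example.com.        3600 IN A     203.0.113.10
www.example.com.    3600 IN A     203.0.113.10
vpn.example.com.    3600 IN A     203.0.113.44
dev.example.com.    3600 IN A     10.20.0.15
db01.example.com.   3600 IN A     10.20.0.31
mail.example.com.   3600 IN CNAME mx.mailhost.example.
hr-portal-2019.example.com. 3600 IN A 203.0.113.80
"""

# Assumption: a tiny stand-in for the wordlists that guessing tools rely on.
COMMON_LABELS = {"www", "mail", "vpn", "dev", "test", "admin", "ftp", "staging"}
# RFC 1918 private ranges; a public record pointing here leaks internal layout.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return (name, rtype, value) for each 'name ttl IN type value' line."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            records.append((fields[0].rstrip(".").lower(), fields[3].upper(), fields[4]))
    return records

def audit(records, apex):
    """Sort names into what guessing finds vs. what only a full dump reveals."""
    report = {"guessable": [], "dump_only": [], "internal_ip": []}
    for name, rtype, value in records:
        if not name.endswith("." + apex):
            continue                            # skip the apex and foreign names
        label = name[: -len(apex) - 1]
        bucket = "guessable" if label in COMMON_LABELS else "dump_only"
        if name not in report[bucket]:
            report[bucket].append(name)
        if rtype == "A" and any(ipaddress.ip_address(value) in net for net in RFC1918):
            report["internal_ip"].append((name, value))
    return report

if __name__ == "__main__":
    for key, items in audit(parse_zone(SAMPLE_ZONE), "example.com").items():
        print(key, items)
```

Anything in the dump_only or internal_ip lists is a candidate for cleanup, and a non-empty dump_only list is a reason to confirm that zone transfers are restricted to the client's own secondary servers.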


