Threat actors are constantly looking for new ways to evade detection, and most techniques are variations on familiar themes. The abuse of the .arpa TLD is novel in that it weaponizes infrastructure that is implicitly trusted and essential for network operations. By using IPv6 reverse DNS domains as malicious links, the threat actor has discovered a delivery mechanism that bypasses security tools. The impact is immediate and cannot be overstated: security that depends on detecting suspicious domains using things like reputation, registration information, and policy blocklists is ineffective for these domains. These domains have an implicitly clean reputation, no registration information, and aren’t usually blocked by policy.
我一直以为 Ulanzi 会搞这东西。
。新收录的资料对此有专业解读
20+ curated newsletters,详情可参考新收录的资料
Летящий из России во Вьетнам самолет подал сигнал бедствия20:53。关于这个话题,新收录的资料提供了深入分析
Premium Digital