Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

us-east-1 is the most popular region at AWS. Since the name is in many domains, such as S3 domains, the author decided to purchase us-east-1.com to see if it got any exciting traffic. The connecting computers are likely misconfigured somehow, but it's interesting nonetheless. They are flat out, but this domain or some higher-level domain string was accidentally left out.

prod-backend-db.cc66xuedqt2t.us-east-1.com had the most DNS queries. Given that there's some random identifier, I'd expect this to be some hosted database service URL from AWS. The root domain had a lot of hits as well.

loopback-streaming.us-east-1.com is likely some internal testing URL at AWS because it has loopback.

Another interesting one was Cisco Static File Reputation Host. Apparently, this is part of the legacy version of their email security gateway. Since this domain is incorrect, this email security gateway is misconfigured and could allow malicious files into the org.

Many other domains like storagegateway.us-east-1.com and s3.us-east-1.com were in there as well. The author thinks it was from somebody types out the wrong domain by hand instead of copying it. It's weird that these lasted for this long, as I'd expect them to notice the errors in the returned data. My personal favorite was the final one: smtp.mail.us-east-1.com

They kept getting a lots of emails from the AWS test environments as well. It appears that these test domains were configured incorrectly. For instance, aws-supply-chain@us-east-1.gamma.app.ketchup.aws.dev sent loads of emails. This is interesting and could potentially lead to data exposure of testing accounts.

The security of this domain matters. To me, many of the requests would be a lot more if it was the expected result to the end user. Once it fails, they probably reconfigured things. A malicious adversary could have returned unintended data or harvested the data if it was a storage system like S3. Additionally, phishing can be an issue as well. Overall, a good write up and money well spent on the domain!