Many of us will have been there: you're trying to recruit for a role, you're in the interview, and you think this candidate is rocking it! They're knocking every question you ask out of the park... but there's the tiniest hint of doubt creeping in. Why does it consistently take the candidate four seconds to respond to your questions? Is it a delay in Teams? Is it the shoddy WeWork Wi-Fi? Then it dawns on you, not like the sun rising above the horizon, but like the headlights of our new robot overlords: they're parroting AI! But you can fight back against the machines using these tried and tested techniques.
This is the second part in a two-part series on DNS rebinding. The first part covered a real-world exploit using DNS rebinding. In this post, we introduce new techniques for achieving reliable, split-second DNS rebinding in Chrome, Edge, and Safari when IPv6 is available, as well as a technique for bypassing the local network restrictions applied to the fetch API in Chromium-based browsers.
A new technique for performing DNS rebinding attacks in a split second against headless browsers, used to extract information from internal networks (such as AWS metadata endpoints).