Edward Wall

Computer Science Student

Ministry of Defence Domain Hijacking

The UK's Ministry of Defence left their secondary domain name vulnerable to domain takeover, despite using it for internal services.

Channel 4 Data Leak

Until recently, Channel 4 was leaking the name, age and gender of every account holder by sending them over HTTP as a Base64-encoded JSON string.

Subdomain Takeover

Subdomain Takeover (or Subdomain Hijacking) is the act of taking control of a subdomain's content. It can occur when a subdomain that was using a third-party service stops using the service but does not remove the DNS records pointing to the third party.

BrowseAloud users are still vulnerable

In February, attackers injected a cryptominer into BrowseAloud's code, which then ran on over 4000 websites that used the service. Three months later, the vast majority of the affected websites have not removed the vulnerability.

Cloudflare SAN Scan

Websites on the same Cloudflare account will share a TLS certificate. Cloudflare SAN Scan analyses past TLS certificates and finds other domains which are on the same Cloudflare account.