AdGuardSDNSFilter

Many hijacked subdomains

Open TPS opened this issue 4 years ago • 5 comments

According to another in a long-term series of articles, various subdomains of a number of Microsoft-owned domains have been hijacked.

Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks → https://github.com/EdOverflow/can-i-take-over-xyz has quite a lot of details re: & especially combatting this. Some of the problem involves CNAME hacking.

Hard lists of such seem difficult to find, but https://www.google.com/search?q=hijacked%20microsoft%20domains seems to give more pieces to the puzzle. (Perhaps whenever DNSSEC is widely deployed this'll no longer be an issue.)

TPS, Feb 09 '21 12:02

Seizing subdomains. How I took over Microsoft subdomains and how to perform such attacks → https://github.com/EdOverflow/can-i-take-over-xyz has quite a lot of details re: & especially combatting this. Some of the problem involves CNAME hacking.

TPS, Jun 24 '21 22:06

From how I understand the needed syntax, it unfortunately doesn't seem realistically possible to do with AdGuard DNS Filter, as the chance of false positives of legitimate subdomains on such domains is very high.

DandelionSprout, Feb 07 '24 06:02

I opened this issue 3ya (!) as an FYI to @AdGuardTeam, so it really might be in the wrong repo per their current structure. Still, the problem is quite active (though some mitigations have been implemented by hosts), going by the issues' activity in the linked repo, so maybe the AG team is keeping this open & in mind as they develop more security tools?

TPS, Feb 07 '24 11:02

I'm surprised myself that they never replied to you, but you can try your luck at https://github.com/AdguardTeam/AdguardFilters/issues, where replies are guaranteed within 1 week or so.

DandelionSprout, Feb 07 '24 11:02

I'm not concerned. There are only 10 open issues here & (currently) 162 there, all to be triaged in a hurry. As you said, this is a thorny problem, & deserves more thorough attention.

TPS, Feb 07 '24 12:02

@DandelionSprout I took your advice @ https://github.com/AdguardTeam/AdGuardDNS/issues/740. 🙇🏾‍♂️

TPS, Feb 07 '24 12:02