I've been wanting to write about this topic for a long time because as far as I can see, it is possible to hack a hundred thousand or even a million websites (more precisely, domains and subdomains) with this method. (Of course, I won't explain this part.)
A while ago, while browsing the zone sites used by threat actors, something caught my eye. It is shown in the picture below.
When I saw the GitHub phrase, I immediately thought of GitHub subdomain takeover, went to GitHub and searched for the domain I saw.
I found the threat actor's GitHub account directly. Then I verified the HTML file and CNAME in the zone record.
I just noticed that he inherited 637 different domains and subdomains on this account. After reviewing a few of them and seeing that he had deleted some CNAMEs, I searched and found these deleted CNAMEs on GitHub again.
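For defenders, the condition behind this kind of takeover (a DNS name that still points at GitHub Pages after the site behind it is gone, or that points at an account you do not control) can be checked from your own zone data. The following is an added example, not code from the original post; the zone contents, `example.org`, the account names and the `PAGES_INVENTORY` mapping are constructed assumptions.

```python
import re

# Constructed zone export for a domain you administer (example.org is a placeholder).
ZONE = """\
www    3600 IN CNAME acme-org.github.io.
docs   3600 IN CNAME acme-org.github.io.
shop   3600 IN CNAME old-agency.github.io.
blog   3600 IN CNAME hosting.example.net.
status 3600 IN A     192.0.2.10
"""

# Assumed inventory: custom domains configured on Pages sites the organisation
# still owns, mapped to the <account>.github.io host that should serve them.
PAGES_INVENTORY = {
    "www.example.org": "acme-org.github.io",
    "shop.example.org": "acme-org.github.io",
}

CNAME_RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)", re.I)


def fqdn_of(label, origin):
    """Expand a zone-file owner name to a lower-case FQDN without trailing dot."""
    if label == "@":
        return origin.lower()
    if label.endswith("."):
        return label.rstrip(".").lower()
    return f"{label}.{origin}".lower()


def audit_pages_cnames(zone_text, origin, inventory):
    """Return (name, target, finding) for every risky GitHub Pages CNAME."""
    findings = []
    for raw in zone_text.splitlines():
        m = CNAME_RR.match(raw.split(";", 1)[0].strip())
        if not m:
            continue
        name = fqdn_of(m.group(1), origin)
        target = m.group(2).rstrip(".").lower()
        if not target.endswith(".github.io"):
            continue  # not a GitHub Pages pointer
        expected = inventory.get(name)
        if expected is None:
            findings.append((name, target, "no-pages-site"))     # dangling record
        elif expected != target:
            findings.append((name, target, "account-mismatch"))  # foreign account
    return findings


if __name__ == "__main__":
    for finding in audit_pages_cnames(ZONE, "example.org", PAGES_INVENTORY):
        print(*finding)
```

Records flagged `no-pages-site` should be deleted or re-attached to a Pages site you own; `account-mismatch` records point at an account outside the inventory and need the same review.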
Also, this threat actor redirected the domains hacked from his new GitHub profile to his own website.
Also, when I looked at the social media links in the threat actor's profile, I came across the abbreviations "Yupy Security" and "YP".
On the threat actor's GitHub profile, the only account he followed was his side account, and his side account also had a Twitter profile.
You can clearly see that all the profiles and deface processes I have described in this regard belong to a single person.
Result: MinakJinggo1337 = Minakk22 = b4ckl1nk = Zufan Ramadhan = zufan-yp = Yupy Syntax 0xYP = ypxploit = yupy28 (Using different usernames doesn't change the fact that you're retarded.)
- (URL)
Even though the environment is virtual, the crime committed is real! I wish you to be constructive, not destructive!
Respects,
X-Samurai