OpenSecurity.global

Kevin Beaumont


Everything posted by Kevin Beaumont

  1. I should also clarify, Akamai and AWS were really quick to respond on this, both jumped on it. The way we found out it was Tealium was because an employee's name was on the bucket.
  2. BinaryEdge.io too - haha. Another free service, https://app.binaryedge.io - use filter bluekeep.vulnerable:true
  3. No problem. Regarding Tealium notification, the logs included: IP address, URL (get request including query strings), URL referrer, date, time, browser user agent. It also included some Tag customers, the Tag logs included referrers, rather than just Multi-CDN.
  4. Oh god, Grimsby massive! I used to live in Laceby @Joshua Rogers. The village with a corner shop, a church and... the turtles fan club.
  5. A quick update, they also had some tag logs in the MultiCDN bucket for some reason. Contents were URL referrer (i.e. customer URL of page with tag), date, time, browser user agent and IP address.
  6. Yep. The Immunity exploit is crap as it’s Win7 32 bit single core only (ie no desktop or laptop in a decade), the coming Metasploit module is Win7/2008 32 and 64 bit multi core supported. They may hold off release tho, dunno. Part of the reason this hasn’t been exploited is the exploits have been pretty crap so far.
  7. Nobody said you can do it without requiring OS and user changes - the thread specifically says you need them 😀 The government in this case requires people manually install a certificate to view HTTPS websites.
  8. Yep it got fixed pretty quick when I tracked down the owner, the bucket had an employee name on it thankfully which let me track down the company. It’s been open for years so I hope no businesses put tokens and such in GET requests 😅 I found it by accident when looking for our business data being exposed.
  9. Yep, got a thanks. Don’t want to post the guy’s full response as I went to somebody directly, and I suspect their message may evolve.
  10. Permissions fixed. Here's the list of data which was exposed:
  11. It also includes Edgecast data. Through a bit of OSINT it looks like it may be Tealium, who do a multi-CDN solution. I'm trying to reach them.
  12. I've emailed Akamai, it appears to be some kind of managed multi CDN solution. Data contains IP address, request URL, browser agent, date and time. Screenshot, not exhaustive obviously.
  13. Indictment PDF: https://www.dropbox.com/s/z7u5rxcdajuvw6t/19718675504.pdf?dl=0 A bunch of things stand out: Why did the WAF account apparently have access to the S3 storage buckets? Why wasn't the data of hundreds of millions of people's credit checks encrypted? Should that kind of data have been left for so long in cloud buckets? Why didn't they notice all these S3 buckets being sync'd to a random VPN IP address? It happened 4 months ago. Why didn't they notice the Gitlab pages listing their config? Why didn't they notice until somebody random emailed them to tell them? I don't know if more details will go public (they probably don't want it to get to trial for obvious reasons). I guess lessons learned from outside looking in is: - Monitoring. Ingest your cloud logs. Alert against them. Monitor sites like Github and Gitlab for obviously sensitive information, e.g. usernames, bucket names etc. And yes, this is the kind of incident that would (and still will) catch many orgs with their pants down, Capital One aren't alone. It looks like the same person behind this one hit other fintech orgs too, looking at their online files - I'm going to guess they haven't noticed yet either.
  14. The browser just uses whichever certificate it has been provided via the network and validates it as usual, e.g. if the cert is signed by a CA it trusts and the certificate is valid, it doesn't show a warning. I don't have a link to hand re the Kazakhstan certificate but the website is reachable, it just tells you have to install it on different devices.
  15. I guess you could have a break glass admin account outside of MFA policy - then use that to reconfigure things if things go wrong. If you use Conditional Access I guess you could whitelist everything to bypass MFA then.
  16. For me it's basically the same as what do you do if Office365 goes offline again - you wait for MS to fix it sadly.
  17. If somebody/something is intercepting the traffic at network layer, it can present whatever certificate it wants. So say on a corporate network, you intercept the traffic and rewrite it to use a custom CA signed certificate - that way the client end trusts it, and you can see inside the traffic.
  18. For Internet Explorer, Edge and Chrome you just inject it into the Windows CA store, you can do this with Group Policy. For Firefox, https://wiki.mozilla.org/CA/AddRootToFirefox In the case of Kazakhstan they just get people to manually import it.
  19. haha, this has done what I've been working on in my spare time - I have been working on a TCP-over-DoH tunnel, which does TCP tunnels within DNS-over-HTTPS, so basically you get an encrypted tunnel through Google's servers. Mine was shite though, I'll have to try this.
  20. Another option is take Microsoft up on the "free" security updates to Windows Server 2008 R2 when using Microsoft Azure. Microsoft still support Windows Server 2003 in Azure, so it's kinda a legacy cash cow for them... maybe hence why they don't want to solve the on premise time bomb.
  21. If you’re deploying at a greenfield site Azure Sentinel is pretty good as it’s very easy to get up and running, and cheap. And they have good built in threat detection and such. The struggle with Splunk has been very real for me. I think it’s too big for many orgs.
  22. SIEM solutions save my ass all the time, as does AV - it's the only way to have some insight and basic control in an organisation of this size, as I can't reinvent how the company does IT from within a Security Operations function. Problems occur around how companies deploy these technologies - e.g. with AV they often fail to set and enforce sane defaults (e.g. Windows Defender customers often don't turn on the MAPS telemetry - which is the best feature for protection) and look after the installations (e.g. in a company a few years into its current AV journey, you will often find hundreds+ of broken AV installations due to lack of disk space etc.). With SIEM you'll find companies who spend big to splurge everything into the system, and then have no real detection rules.
  23. If it’s Palo-Alto, assuming you have SSL decryption set up (set it up) you can just block the application dns-over-https - Palo Alto use application classification where they look at the traffic and decide what it is, and they have definitions for the RFC standard for this. Also keep your Palo-Alto upgraded 😅
  24. No, the browser just uses whatever cert it is told to use.