| ▲ | A1kmm 8 hours ago | |||||||
But she mentioned: 1) it isn't in DNS only /etc/hosts and 2) they are making a connection to it. So they'd need to get the IP address to connect to from somewhere as well. | ||||||||
| ▲ | jeroenhd 8 hours ago | parent | next [-] | |||||||
From the article: > You're able to see this because you set up a wildcard DNS entry for the whole ".nothing-special.whatever.example.com" space pointing at a machine you control just in case something leaks. And, well, something did* leak. They don't need the IP address itself, it sounds like they're not even connecting to the same host. | ||||||||
| ▲ | bardsore 8 hours ago | parent | prev [-] | |||||||
Unless she hosts her own cert authority or is using a self-signed cert, the wildcard cert she mentions is visible to the public on sites such as https://crt.sh/. | ||||||||
| ||||||||