{"id":10221,"date":"2013-12-29T07:54:51","date_gmt":"2013-12-29T06:54:51","guid":{"rendered":"https:\/\/www.corelan.be\/?p=10221"},"modified":"2013-12-29T07:54:51","modified_gmt":"2013-12-29T06:54:51","slug":"a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring","status":"publish","type":"post","link":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/","title":{"rendered":"A chain is only as strong as its weakest link - DNS Hijack Monitoring"},"content":{"rendered":"<p>It doesn't really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced.&#160; Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business.&#160; <\/p>\n<p>Instead of going after vulnerabilities in the website itself, they'll focus on a potentially weaker link in the system: the DNS registrar.&#160; All they have to do is &quot;convince&quot; the right person (via e-mail, fax, etc) or by guessing username\/password in the management console for DNS, by hacking into a DNS hosting company, that an update to your public DNS records is legit.&#160; A few moments later, the internet won't be looking at your website anymore.<\/p>\n<p>You could use tools to monitor the content of your websites &amp; report back when significant changes are made, but as the content of websites often changes, you'll find yourself updating your tools quite often.&#160; Perhaps an easier approach would be to also monitor the DNS records and report when an IP address has changed.<\/p>\n<h3>Getting started<\/h3>\n<p>I decided to hack a little python script together that allows you to do that.&#160; You can get a copy of the script at <a href=\"https:\/\/github.com\/corelan\/dnshjmon\">https:\/\/github.com\/corelan\/dnshjmon<\/a>&#160; or simply clone the repository:<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">root@krypto1:\/dns<span style=\"color: #008000\"># git clone https:\/\/github.com\/corelan\/dnshjmon.git<\/span>\nCloning into 'dnshjmon'...\nremote: Counting objects: 54, done.\nremote: Compressing objects: 100% (37\/37), done.\nremote: Total 54 (delta 28), reused 43 (delta 17)\nUnpacking objects: 100% (54\/54), done.\nroot@krypto1:\/dns<span style=\"color: #008000\"># <\/span><\/pre>\n<h3>Setting up the configuration<\/h3>\n<p>The script uses 2 configuration files:<\/p>\n<ul>\n<li>a file that contains the hostnames you want to monitor, and the valid IP (one, multiple, or even CIDR notations)<\/li>\n<li>a file that contains the configuration about how to send email reports<\/li>\n<\/ul>\n<h4>DNS Config file<\/h4>\n<p>This is a flat ascii file (dnshjmon_dns.conf) that contains the list with hostnames that need to be checked and the list with valid IPs for that hostname.<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">hostname=ip<\/pre>\n<p>You can specify multiple IP addresses and\/or even use CIDR notation. Simply separate entries with a comma:<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">hostname=127.0.0.1,192.168.0.1\/25<\/pre>\n<p>If you want to exclude a certain IP, prefix it with a dash<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">hostname=127.0.0.1,192.168.0.1\/25,-192.168.0.5<\/pre>\n<p>You can, obviously, specify as many hostnames as you want.<\/p>\n<p>You can specify an alternative path for the dns configuration file using the -d argument.<\/p>\n<h4>SMTP Config file<\/h4>\n<p>This file (dnshjmon_smtp.conf) will be created the first time you run dnshjmon.py, using an interactive wizard. <\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">(master) root@krypto1:\/dns\/dnshjmon# python dnshjmon.py \n\n     __                __     __                         \n .--|  |.-----..-----.|  |--.|__|.--------..-----..-----.\n |  _  ||     ||__ --||     ||  ||        ||  _  ||     |\n |_____||__|__||_____||__|__||  ||__|__|__||_____||__|__|\n                            |___|                        \n                        [ corelanc0d3r - www.corelan.be ]\n \n[+] Using dns config file \/dns\/dnshjmon\/dnshjmon_dns.conf\n[-] Oops, email config file \/dns\/dnshjmon\/dnshjmon_smtp.conf doesn't exist yet\n[+] Creating a <span style=\"color: #0000ff\">new<\/span> config file.\n    &gt; Enter smtp mail server IP or hostname: 127.0.0.1\n    &gt; Enter mail server port (default: 25): \n    &gt; Enter 'From' email address: peter.ve@corelan.be\n    &gt; Enter 'To' email address: peter.ve@corelan.be\n    &gt; Enter mail server timeout (in seconds, default: 300): \n    &gt; Does server require authentication? (yes\/no, default: no): \n    &gt; Does server require\/support STARTTLS ? (yes\/no, default: no): \n[+] Saved <span style=\"color: #0000ff\">new<\/span> config file<\/pre>\n<p>You can specify an alternate path to the configuration file using the -s parameter.<\/p>\n<p>If you want to add additional mailserver configurations or change the existing one, simply edit the conf file. <\/p>\n<p>You can test if the mail configuration works correctly by using the -mail argument. By default, emails will be sent with high-priority and requesting a return-receipt.<\/p>\n<h3>Can I use custom nameservers (other than the ones configured on the OS level) ?<\/h3>\n<p>Sure you can, but you'll need to install the python-dnspython library from <a href=\"http:\/\/www.dnspython.org\">www.dnspython.org<\/a>.&#160; On Ubuntu \/ Kali, this is as easy as running apt-get install python-dnspython.&#160; On Windows, you need to extract the archive and run setup.py or, alternatively, just copy the 'dns' subfolder to c:\\python27\\lib\\site-packages.<\/p>\n<p>When dnshjmon detects that the library is installed, it will expose a -n argument, which allows you to specify the full path to a flat file that contains the IP address or addresses (one IP per line) of the DNS server(s) you want to use for queries.<\/p>\n<h3>Using the script<\/h3>\n<p>After setting up the configuration files, all you have to do is schedule the script to run (every half an hour, for example).&#160; When a mismatch is found, an email will be sent.<\/p>\n<p>It may not be a bad idea to configure your monitoring box to use Google or OpenDNS for DNS resolution. Furthermore, if you run this script on a windows box, maybe create a little batch file that will also call ipconfig \/flushdns prior to running the python script.&#160; It might be a good idea to run a git pull from time to time, as I may be adding new features some time in the future.<\/p>\n<p>If all goes well, the output (on screen) will look like this:<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">(master) root@krypto1:\/dns\/dnshjmon# python dnshjmon.py\n\n     _                __     __\n .--|  |.-----..-----.|  |--.|__|.--------..-----..-----.\n |  _  ||     ||__ --||     ||  ||        ||  _  ||     |\n |_____||__|__||_____||__|__||  ||__|__|__||_____||__|__|\n                            |___|\n                        [ corelanc0d3r - www.corelan.be ]\n \n[+] Using dns config file \/dns\/dnshjmon\/dnshjmon_dns.conf\n[+] Using mail config file \/dns\/dnshjmon\/dnshjmon_smtp.conf\n\n[+] Running DNS check\n[+] Using OS DNS configuration for queries\n\nResults:\n--------\n1. www.corelan.be - check OK? : true (['178.79.152.9']) \n\n[+] Done checking, tested 1 sites, reported 0 IP mismatches<\/pre>\n<p>if an issue is found, you'll see this:<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">(master) root@krypto1:\/dns\/dnshjmon# python dnshjmon.py\n\n     _                __     __\n .--|  |.-----..-----.|  |--.|__|.--------..-----..-----.\n |  _  ||     ||__ --||     ||  ||        ||  _  ||     |\n |_____||__|__||_____||__|__||  ||__|__|__||_____||__|__|\n                            |___|\n                        [ corelanc0d3r - www.corelan.be ]\n \n[+] Using dns config file \/dns\/dnshjmon\/dnshjmon_dns.conf\n[+] Using mail config file \/dns\/dnshjmon\/dnshjmon_smtp.conf\n\n[+] Running DNS check\n[+] Using OS DNS configuration for queries\n\nResults:\n--------\n1. www.corelan.be - check OK? : false (['178.79.152.9'] : Record manipulated?)\n\n[+] Done checking, tested 1 sites, reported 1 IP mismatches\n\n**************************************************\n1 DNS record(s) may have been manipulated:\n20131231-09:43:26: www.corelan.be resolves to 178.79.152.9, but it should be ['178.79.152.8']\n**************************************************\n[+] Config file appears to contain 1 mail server definitions\n[+] Checking <span style=\"color: #0000ff\">if<\/span> 172.0.0.1:25 is reachable\n    Yup, port is <span style=\"color: #0000ff\">open<\/span>\n[+] Connecting to 127.0.0.1 on port 25\n[+] Connected\n[+] Sending email\n[+] Mail sent, disconnecting<\/pre>\n<p>Suppose you want to use the google DNS server 8.8.8.8 instead of the OS DNS server configuration and you have installed python-dnspython, then simply create a file (nameservers.conf or something like that) and put 8.8.8.8 in that file. Tell dnshjmon to use that file and the output will look like this:<\/p>\n<pre style=\"overflow: auto; border-top: #cecece 1px solid; border-right: #cecece 1px solid; width: 650px; border-bottom: #cecece 1px solid; padding-bottom: 5px; padding-top: 5px; padding-left: 5px; min-height: 40px; border-left: #cecece 1px solid; padding-right: 5px; background-color: #191919\">(master) root@krypto1:\/dns\/dnshjmon# python dnshjmon.py -n nameservers.conf\n\n     _                __     __\n .--|  |.-----..-----.|  |--.|__|.--------..-----..-----.\n |  _  ||     ||__ --||     ||  ||        ||  _  ||     |\n |_____||__|__||_____||__|__||  ||__|__|__||_____||__|__|\n                            |___|\n                        [ corelanc0d3r - www.corelan.be ]\n \n[+] Using dns config file \/dns\/dnshjmon\/dnshjmon_dns.conf\n[+] Using mail config file \/dns\/dnshjmon\/dnshjmon_smtp.conf\n\n[+] Running DNS check\n[+] Using 1 DNS server(s) for queries:\n    ['8.8.8.8']\n\nResults:\n--------\n1. www.corelan.be - check OK? : true (['178.79.152.9']) \n\n[+] Done checking, tested 1 sites, reported 0 IP mismatches<\/pre>\n<p>The script was written and tested against python 2.7 and should run out of the box on Windows, Linux and Mac OS.<\/p>\n<p>Enjoy !<\/p>\n<hr \/>\n","protected":false},"excerpt":{"rendered":"<p>It doesn't really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced.&#160; Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business.&#160; Instead of &hellip; <a href=\"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> \"A chain is only as strong as its weakest link - DNS Hijack Monitoring\"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[488,164,373],"tags":[632,261,204],"class_list":["post-10221","post","type-post","status-publish","format-standard","hentry","category-corelan-free-tools","category-networking","category-scripts","tag-monitor","tag-corelan","tag-backtrack"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A chain is only as strong as its weakest link - DNS Hijack Monitoring - Corelan | Exploit Development &amp; Vulnerability Research<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A chain is only as strong as its weakest link - DNS Hijack Monitoring - Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"og:description\" content=\"It doesn&#039;t really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced.&#160; Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business.&#160; Instead of &hellip; Continue reading &quot;A chain is only as strong as its weakest link - DNS Hijack Monitoring&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/\" \/>\n<meta property=\"og:site_name\" content=\"Corelan | Exploit Development &amp; Vulnerability Research\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/corelanconsulting\" \/>\n<meta property=\"article:published_time\" content=\"2013-12-29T06:54:51+00:00\" \/>\n<meta name=\"author\" content=\"corelanc0d3r\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@corelanc0d3r\" \/>\n<meta name=\"twitter:site\" content=\"@corelanc0d3r\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"TechArticle\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/\"},\"author\":{\"name\":\"corelanc0d3r\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\"},\"headline\":\"A chain is only as strong as its weakest link - DNS Hijack Monitoring\",\"datePublished\":\"2013-12-29T06:54:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/\"},\"wordCount\":762,\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"keywords\":[\"monitor\",\"corelan\",\"backtrack\"],\"articleSection\":[\"Corelan Free Tools\",\"Networking\",\"Scripts\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/\",\"name\":\"A chain is only as strong as its weakest link - DNS Hijack Monitoring - Corelan | Exploit Development &amp; Vulnerability Research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\"},\"datePublished\":\"2013-12-29T06:54:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/2013\\\/12\\\/29\\\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.corelan.be\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A chain is only as strong as its weakest link &#8211; DNS Hijack Monitoring\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#website\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"name\":\"Corelan CyberSecurity Research\",\"description\":\"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.corelan.be\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#organization\",\"name\":\"Corelan CyberSecurity Research\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"contentUrl\":\"https:\\\/\\\/www.corelan.be\\\/wp-content\\\/uploads\\\/2026\\\/03\\\/corelanlogo2_small-20.png\",\"width\":200,\"height\":200,\"caption\":\"Corelan CyberSecurity Research\"},\"image\":{\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/corelanconsulting\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\",\"https:\\\/\\\/x.com\\\/corelanconsulting\",\"https:\\\/\\\/instagram.com\\\/corelanconsult\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.corelan.be\\\/#\\\/schema\\\/person\\\/3be5542b9b0a0787893db83a5ad68e8f\",\"name\":\"corelanc0d3r\",\"pronouns\":\"he\\\/him\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x\",\"caption\":\"corelanc0d3r\"},\"description\":\"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.\",\"sameAs\":[\"https:\\\/\\\/www.corelan-training.com\",\"https:\\\/\\\/instagram.com\\\/corelanc0d3r\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/petervaneeckhoutte\\\/\",\"https:\\\/\\\/x.com\\\/corelanc0d3r\"],\"url\":\"https:\\\/\\\/www.corelan.be\\\/index.php\\\/author\\\/admin0\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A chain is only as strong as its weakest link - DNS Hijack Monitoring - Corelan | Exploit Development &amp; Vulnerability Research","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/","og_locale":"en_US","og_type":"article","og_title":"A chain is only as strong as its weakest link - DNS Hijack Monitoring - Corelan | Exploit Development &amp; Vulnerability Research","og_description":"It doesn't really matter how much time your developers have spent writing secure code and how many layers of security you have implemented to protect your website from being hacked and defaced.&#160; Recent incidents have demonstrated that the bad guys will simply look for and find an easier way to hurt your business.&#160; Instead of &hellip; Continue reading \"A chain is only as strong as its weakest link - DNS Hijack Monitoring\"","og_url":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/","og_site_name":"Corelan | Exploit Development &amp; Vulnerability Research","article_publisher":"https:\/\/www.facebook.com\/corelanconsulting","article_published_time":"2013-12-29T06:54:51+00:00","author":"corelanc0d3r","twitter_card":"summary_large_image","twitter_creator":"@corelanc0d3r","twitter_site":"@corelanc0d3r","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"TechArticle","@id":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/#article","isPartOf":{"@id":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/"},"author":{"name":"corelanc0d3r","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f"},"headline":"A chain is only as strong as its weakest link - DNS Hijack Monitoring","datePublished":"2013-12-29T06:54:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/"},"wordCount":762,"publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"keywords":["monitor","corelan","backtrack"],"articleSection":["Corelan Free Tools","Networking","Scripts"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/","url":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/","name":"A chain is only as strong as its weakest link - DNS Hijack Monitoring - Corelan | Exploit Development &amp; Vulnerability Research","isPartOf":{"@id":"https:\/\/www.corelan.be\/#website"},"datePublished":"2013-12-29T06:54:51+00:00","breadcrumb":{"@id":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.corelan.be\/index.php\/2013\/12\/29\/a-chain-is-only-as-strong-as-its-weakest-link-dns-hijack-monitoring\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.corelan.be\/"},{"@type":"ListItem","position":2,"name":"A chain is only as strong as its weakest link &#8211; DNS Hijack Monitoring"}]},{"@type":"WebSite","@id":"https:\/\/www.corelan.be\/#website","url":"https:\/\/www.corelan.be\/","name":"Corelan CyberSecurity Research","description":"Corelan publishes in-depth tutorials on exploit development, Windows exploitation, vulnerability research, heap internals, reverse engineering and security tooling used by professionals worldwide.","publisher":{"@id":"https:\/\/www.corelan.be\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.corelan.be\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.corelan.be\/#organization","name":"Corelan CyberSecurity Research","url":"https:\/\/www.corelan.be\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/","url":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","contentUrl":"https:\/\/www.corelan.be\/wp-content\/uploads\/2026\/03\/corelanlogo2_small-20.png","width":200,"height":200,"caption":"Corelan CyberSecurity Research"},"image":{"@id":"https:\/\/www.corelan.be\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/corelanconsulting","https:\/\/x.com\/corelanc0d3r","https:\/\/x.com\/corelanconsulting","https:\/\/instagram.com\/corelanconsult"]},{"@type":"Person","@id":"https:\/\/www.corelan.be\/#\/schema\/person\/3be5542b9b0a0787893db83a5ad68e8f","name":"corelanc0d3r","pronouns":"he\/him","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","url":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3783bed6acd72d7fa5bb2387d88acbb9a3403e7cada60b2037e1cbb74ad451f9?s=96&d=mm&r=x","caption":"corelanc0d3r"},"description":"Peter Van Eeckhoutte is the founder of Corelan and a globally recognized expert in exploit development and vulnerability research. With over two decades in IT security, he built Corelan into a respected platform for deep technical research, hands-on training, and knowledge sharing. Known for his influential exploit development tutorials, tools, and real-world training, Peter combines a strong research mindset with a passion for education\u2014helping security professionals understand not just how exploits work, but why.","sameAs":["https:\/\/www.corelan-training.com","https:\/\/instagram.com\/corelanc0d3r","https:\/\/www.linkedin.com\/in\/petervaneeckhoutte\/","https:\/\/x.com\/corelanc0d3r"],"url":"https:\/\/www.corelan.be\/index.php\/author\/admin0\/"}]}},"views":8259,"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/10221","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/comments?post=10221"}],"version-history":[{"count":0,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/posts\/10221\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/media?parent=10221"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/categories?post=10221"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.corelan.be\/index.php\/wp-json\/wp\/v2\/tags?post=10221"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}