Weirdest Bug Bounty – Getting PII from Office365
medium.comI'm confused about the ntlm hashes - so it sounds like there is some service that contacts the auto-generated guid domain and sends legit SMB traffic to it? That seems really odd? I'd be curious to hear more about that.
Wow. That’s textbook bad engineering. Could’ve done guid.nonexistanttld but they just had to do guid.com!
Well, history has shown that you can't expect a non existing TLD to keep not existing. The design industry got burned using .xxx as a placeholder in designs, when that suddenly started resolving people's placeholders all linked to porn.
The TLD 'invalid' is guaranteed to remain, well, invalid.