Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

NCC Group Releases Open Source DNS Rebinding Attack Tool

Cyber security and risk mitigation company NCC Group has released a new open source tool designed to make it easier for penetration testers and others to perform DNS rebinding attacks.

Cyber security and risk mitigation company NCC Group has released a new open source tool designed to make it easier for penetration testers and others to perform DNS rebinding attacks.

DNS rebinding, an attack method that has been known for more than a decade, can allow a remote hacker to abuse a targeted entity’s web browser to directly communicate with devices on the local network. DNS rebinding can be leveraged to exploit vulnerabilities in services the targeted machine has access to.

Getting the target to access a malicious page or view a malicious ad is often enough to conduct an attack that can lead to theft of sensitive information or taking control of vulnerable systems.

NCC Group on Friday announced the availability of Singularity of Origin, an open source tool designed for conducting DNS rebinding attacks.

“During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication. This includes Electron-based applications or applications exposing Chrome Developer Tools and other various debuggers,” NCC Group Senior Security Consultant Roger Meyer said in a blog post.

“Exploiting such services is typically straight forward, but it takes a substantial effort to implement an attack in the context of a security assessment. There are tools available to exploit DNS rebinding vulnerabilities but they pose a number of challenges including the lack of support or documentation. They sometimes do not even work, are very specific and/or do not provide a full exploitation stack, requiring much effort to assemble and integrate all the missing bits and pieces,” Meyer noted.

According to NCC, Singularity provides a complete exploitation stack, including a custom DNS server that allows rebinding the DNS name and IP address of the attacker’s server to the targeted machine, an HTTP server for serving HTML and JavaScript code to targeted users, and various attack payloads. The payloads, which include grabbing an app’s homepage and remotely executing code, can be adapted for new and custom attacks.

NCC Group Senior Security Consultant Gerald Doussot told SecurityWeek that the purpose of Singularity is to provide penetration testers “a simple tool that rapidly exploits a DNS rebinding attack finding and illustrates graphically its potential impact, including remote code execution.”

Singularity also aims to increase awareness of DNS rebinding attacks among application developers and security teams.

“We wanted to increase awareness that DNS rebinding attacks are easy to exploit and damaging but can be remediated with appropriate controls,” Doussot explained.

Singularity source code is available on GitHub, where users can also find detailed instructions on how the tool can be set up and utilized. For demo purposes, NCC Group is also temporarily offering a test instance of the tool.

Singularity of Origin

Google Project Zero researcher Tavis Ormandy earlier this year put the spotlight on DNS rebinding attacks after finding serious vulnerabilities in some popular BitTorrent apps and Blizzard games.

Tripwire researcher Craig Young showed recently how the technique can be used against Google Home and Chromecast devices to reveal a user’s precise physical location. A study published in July by IoT security firm Armis showed that DNS rebinding exposes nearly half a billion devices used by enterprises to attacks.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...