TTPwire Vol. 1 · MITRE ATT&CK · Tagged

Lobsters — security tag

RIPE NCC RPKI exploit chain

mxsasha.eu via 7tehdt3cnw6kir6o · 2026-04-29

ATT&CK techniques detected

5 predictions
T1190 Exploit Public-Facing Application
89%
“ripe ncc rpki exploit chain one click on a malicious, but not suspicious, link. that is all it could take for a network operator to get disconnected from the internet, through a chain of vulnerabilities i discovered. from that single click, i could fully control their routing aut…”
T1190 Exploit Public-Facing Application
87%
“is not the vector expected by developers, or even typical security auditors. a traditional security audit of the rpki dashboard would not consider that someone might embed javascript in a dns version.bind response, serve it from the reverse zone of their ipv6 pi range, trigger i…”
T1190 Exploit Public-Facing Application
68%
“took about 8 hours to restore full connectivity, even though the attacker’s changes were limited compared to what was possible. the attack mechanism was different from mine, but shows the potential impact. one bright side: once the cause is discovered, restoring the roas bring…”
T1190 Exploit Public-Facing Application
55%
“up compromising rpki. references - ripe ncc: rpki cross site request forgery vulnerability (pdf) - 2026-03 xss vulnerability in crafted measurement results - ripe database 1.121.2 these posts were shared with ripe ncc for factual review prior to publication. factual feedba…”
T1078.001 Default Accounts
45%
“access to cloudflare, which hosts a huge number of websites. at just over an hour, 80% of networks dropped my traffic. it will not be immediately apparent what has happened. if monitoring services were configured, they will send alerts after some time, but even then the root cau…”
