Contact us
Blog
Subscribe

Mullvad DNS over HTTPS server audit

by Alexander Alasjö 2021-03-04

Our good friends at Mullvad asked us to publish the report for a pentest we recently conducted on their DNS over HTTPS servers.

You can find the report here: Assured_Mullvad_DoH_server_audit_report.pdf

Read more on the Mullvad blog: Mullvad DoH and DoT - beta release

The audit focused on configuration in regards to privacy, attack surface reduction and security best practices. The server deployment and configuration displayed a good level of security in general.

At the time of the audit, the exposed services were running at a good patch level, with no known vulnerabilities.

The most notable findings during the audit was related to a misconfiguration of the DNS service (Unbound), NTP service and iptables egress/ingress configuration, these issues were promptly resolved by the Mullvad team and verified during the audit period.

Blog

2023 Retrospective: IT Infrastructure and Active Directory Security

A 2023 retrospective by Assured Security Consultants on security assessments conducted, highlighting key IT infrastructure and Active Directory vulnerabilities, the impact of new regulations, and strategies for a more secure future.

Blog

Application Security Assessment 101

An introduction to what an application security assessment is and how it is performed.

Blog

Advent of Code 2023

Becoming a December tradition, Assured sponsors Advent of Code for the third time!

More blog posts

Services

Penetration test

Adversary simulation

Code review

Threat Landscape Assessment (TLA)

Advisory

Training

Threat & Risk

Areas

Application Security

Mobile App Security

Infrastructure

Automotive Security

Embedded Security

Cryptography

 

About Assured

Careers

Publications

Blog

 

© 2023 Assured AB