Recently, the domain corp.com has gone up for sale for a price of $1.7 million USD. This domain would be particularly dangerous if a threat actor were to control it, due to the fact that many corporate domains have misconfigured settings to use “corp” instead of a domain name owned by the company. During a study in 2019, funded in part by the Department of Homeland Security, more than 375,000 Windows computers attempted to send sensitive information such as logins to the corp.com domain in just 15 minutes. When the corp.com domain was set up to receive email messages, over 12 million emails, including some with sensitive information, were received in just over an hour. Active Directory for Windows maps shared network resources to domains to allow easy access to these resources. These domains should be owned by the company deploying Active Directory (AD). However, in older AD instances, such as the Windows 2000 server, the default AD path was “corp,” and many companies began using these default settings without ever changing the corp domain path.
In a completely localized environment with no remote computers, issues shouldn’t arise from using the default corp.com domain path. However, if a user attempts to access an AD mapped device from an external network using default settings, data will be routed to corp.com, which exposes passwords and other sensitive information.