SlideShare a Scribd company logo

Hostile Subdomain Takeover by Ankit Prateek

OWASP Delhi, profile picture
OWASP Delhi

The document discusses the risk of hostile subdomain takeover, where individuals can register abandoned subdomains and redirect them to third-party apps. It emphasizes the need for regular checks on DNS configurations to prevent such takeovers by ensuring unused subdomains are properly managed. The content includes a demo and provides credit to contributors for further information.

Technology
Related topics:
Information Security
1 of 7
Downloaded 11 times
1
2
3
4
5
6
7
Hostile Subdomain Takeover
HST in a minute ● People register subdomains & point it to 3rd  party apps/websites ● Github pages, Heroku, S3, AWS are some examples ● Sometimes they migrate or stop using the feature and forget to  remove the name pointer ● An entry exists at nameserver pointing to a page ● Create an account and claim that page. ● Done!
#OkThxBye
Interactive Session Lets talk DNS & NameServers
DEMO
Defense ● Check your DNS­configuration for  subdomains pointing to services not in use. ● Keep your DNS­entries constantly vetted  and restricted.
Thanks To ● Prakhar Prasad (@prakharprasad) ● Detectify  https://labs.detectify.com/2014/10/21/hostile­ subdomain­takeover­using­ herokugithubdesk­more/

More Related Content

PDF
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
OWASP Delhi
 
PPT
How To Detect Xss
Ferruh Mavituna
 
PDF
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
PDF
Securing dns records from subdomain takeover
OWASP Delhi
 
PDF
Effective Cyber Security Report Writing
OWASP Delhi
 
PPTX
Data sniffing over Air Gap
OWASP Delhi
 
PPTX
UDP Hunter
OWASP Delhi
 
PDF
Demystifying Container Escapes
OWASP Delhi
 
Thwarting The Surveillance in Online Communication by Adhokshaj Mishra
OWASP Delhi
 
How To Detect Xss
Ferruh Mavituna
 
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
OWASP Delhi
 
Securing dns records from subdomain takeover
OWASP Delhi
 
Effective Cyber Security Report Writing
OWASP Delhi
 
Data sniffing over Air Gap
OWASP Delhi
 
UDP Hunter
OWASP Delhi
 
Demystifying Container Escapes
OWASP Delhi
 

More from OWASP Delhi (20)

PPTX
Automating WAF using Terraform
OWASP Delhi
 
PPTX
Actionable Threat Intelligence
OWASP Delhi
 
PDF
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
PPTX
Owasp top 10 vulnerabilities
OWASP Delhi
 
PPTX
Recon with Nmap
OWASP Delhi
 
PPTX
Securing AWS environments by Ankit Giri
OWASP Delhi
 
PDF
DMARC Overview
OWASP Delhi
 
PDF
Cloud assessments by :- Aakash Goel
OWASP Delhi
 
PDF
Pentesting Rest API's by :- Gaurang Bhatnagar
OWASP Delhi
 
ODP
Wireless security beyond password cracking by Mohit Ranjan
OWASP Delhi
 
PDF
IETF's Role and Mandate in Internet Governance by Mohit Batra
OWASP Delhi
 
PDF
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
OWASP Delhi
 
PPTX
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
PDF
DFIR using Docker Containers by Deep Shankar Yadav
OWASP Delhi
 
PPTX
RAT - Kill or Get Killed! by Karan Bansal
OWASP Delhi
 
PPTX
IoT Security Risks and Challenges
OWASP Delhi
 
PPTX
Hacking & Securing of iOS Apps by Saurabh Mishra
OWASP Delhi
 
PPTX
Quantum Computing by Rajeev Chauhan
OWASP Delhi
 
PPT
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
OWASP Delhi
 
PDF
Network discovery - Inside out by Aakash Goel
OWASP Delhi
 
Automating WAF using Terraform
OWASP Delhi
 
Actionable Threat Intelligence
OWASP Delhi
 
Threat hunting 101 by Sandeep Singh
OWASP Delhi
 
Owasp top 10 vulnerabilities
OWASP Delhi
 
Recon with Nmap
OWASP Delhi
 
Securing AWS environments by Ankit Giri
OWASP Delhi
 
DMARC Overview
OWASP Delhi
 
Cloud assessments by :- Aakash Goel
OWASP Delhi
 
Pentesting Rest API's by :- Gaurang Bhatnagar
OWASP Delhi
 
Wireless security beyond password cracking by Mohit Ranjan
OWASP Delhi
 
IETF's Role and Mandate in Internet Governance by Mohit Batra
OWASP Delhi
 
Malicious Hypervisor - Virtualization in Shellcodes by Adhokshaj Mishra
OWASP Delhi
 
ICS Security 101 by Sandeep Singh
OWASP Delhi
 
DFIR using Docker Containers by Deep Shankar Yadav
OWASP Delhi
 
RAT - Kill or Get Killed! by Karan Bansal
OWASP Delhi
 
IoT Security Risks and Challenges
OWASP Delhi
 
Hacking & Securing of iOS Apps by Saurabh Mishra
OWASP Delhi
 
Quantum Computing by Rajeev Chauhan
OWASP Delhi
 
Darknets - Introduction & Deanonymization of Tor Users By Hitesh Bhatia
OWASP Delhi
 
Network discovery - Inside out by Aakash Goel
OWASP Delhi
 
Ad

Recently uploaded (20)

PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Teaching material agriculture food technology
LiaRayya
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Ad

Hostile Subdomain Takeover by Ankit Prateek