If you can't read please download the document

Hostile Subdomain Takeover by Ankit Prateek

  • Upload
    owasp

  • View
    38

  • Download
    2

Embed Size (px)

Citation preview

Hostile Subdomain Takeover

HST in a minute

People register subdomains & point it to 3rd party apps/websites

Github pages, Heroku, S3, AWS are some examples

Sometimes they migrate or stop using the feature and forget to remove the name pointer

An entry exists at nameserver pointing to a page

Create an account and claim that page.

Done!

#OkThxBye

Interactive Session

Lets talk DNS & NameServers

DEMO

Defense

Check your DNS-configuration for subdomains pointing to services not in use.

Keep your DNS-entries constantly vetted and restricted.

Thanks To

Prakhar Prasad (@prakharprasad)

Detectify https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/


Prateek Mishra

Prateek Mishra

Documents
Chapter: 4 · PDF fileDepartment of Mathematics University of Oslo Subdomain interior nodes Subdomain boundary nodes Subdomain boundaries Mek 4560 Torgeir Rusten Contents

Chapter: 4 · PDF fileDepartment of Mathematics University of Oslo Subdomain interior nodes Subdomain boundary nodes Subdomain boundaries Mek 4560 Torgeir Rusten Contents

Documents
Prateek Report

Prateek Report

Documents
PLastic Prateek

PLastic Prateek

Documents
Prateek Rest Final

Prateek Rest Final

Documents
Prateek Mid Sem

Prateek Mid Sem

Documents
Prateek Stylome

Prateek Stylome

Real Estate
Prateek Grand City

Prateek Grand City

Real Estate
SIR PRATEEK JAIN

SIR PRATEEK JAIN

Documents
Prateek Group Ghaziabad

Prateek Group Ghaziabad

Real Estate
2bv07e052 prateek joshi

2bv07e052 prateek joshi

Documents
Prateek Power Training

Prateek Power Training

Documents
Prateek Jain_Cost Sheet

Prateek Jain_Cost Sheet

Documents
Economics Project Prateek

Economics Project Prateek

Documents
Prateek Edifice

Prateek Edifice

Real Estate
Prateek wisteria noida

Prateek wisteria noida

Real Estate
Prateek Shrivastava

Prateek Shrivastava

Business
Tutorial Wp Subdomain

Tutorial Wp Subdomain

Documents
Subdomain and GaleErkin

Subdomain and GaleErkin

Documents
Prateek Surekha's profile

Prateek Surekha's profile

Education
Prateek Seminar Ppt

Prateek Seminar Ppt

Documents
Prateek stylomes, Prateek project noida sector 45-

Prateek stylomes, Prateek project noida sector 45-

Business
Prateek Report Final

Prateek Report Final

Documents
Prateek Research Project

Prateek Research Project

Documents
prateek narega

prateek narega

Documents
By Prateek Arora Security for Sensor Networks By: Prateek Arora

By Prateek Arora Security for Sensor Networks By: Prateek Arora

Documents
Prateek wisteria

Prateek wisteria

Real Estate
Prateek Jainreport

Prateek Jainreport

Documents
DPR Outline Prateek

DPR Outline Prateek

Documents
Prateek agrawal

Prateek agrawal

Economy & Finance