
Hostile Subdomain Takeover by Ankit Prateek


Hostile Subdomain Takeover by Ankit Prateek @ Combined null Delhi and OWASP Delhi February 2017 Meetup


  1. Hostile Subdomain Takeover
  2. HST in a minute
     ● People register subdomains and point them to 3rd-party apps/websites
     ● GitHub Pages, Heroku, S3, AWS are some examples
     ● Sometimes they migrate or stop using the feature and forget to remove the name pointer
     ● An entry exists at the nameserver pointing to a page
     ● Create an account and claim that page.
     ● Done!
  3. #OkThxBye
  4. Interactive Session: Let's talk DNS & NameServers
  5. DEMO
  6. Defense
     ● Check your DNS configuration for subdomains pointing to services not in use.
     ● Keep your DNS entries constantly vetted and restricted.
  7. Thanks To
     ● Prakhar Prasad (@prakharprasad)
     ● Detectify: https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/
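
One way to run the first Defense check against your own zone, as an added example that is not from the slides: it parses CNAME records, keeps those pointing at the providers named on slide 2, and flags targets that are missing from a service inventory or no longer resolve. The zone excerpt, the inventory set and all function names are constructed assumptions.

```python
import socket

# Providers named on the slides (GitHub Pages, Heroku, S3); extend for your estate.
THIRD_PARTY_SUFFIXES = ("github.io", "herokuapp.com", "s3.amazonaws.com")

# Constructed sample data: zone excerpt and hypothetical inventory of endpoints in use.
SAMPLE_ZONE = """\
www     3600 IN CNAME example-org.github.io.
blog    3600 IN CNAME old-blog-app.herokuapp.com.   ; app retired last year
assets  3600 IN CNAME example-assets.s3.amazonaws.com.
mail    3600 IN CNAME mail.example.net.
shop    3600 IN A     192.0.2.10
"""
SAMPLE_IN_USE = {"example-org.github.io", "example-assets.s3.amazonaws.com"}

def parse_cnames(zone_text):
    """Return {owner: target} for 'owner TTL IN CNAME target' lines."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "CNAME" in fields[1:-1]:
            target = fields[fields.index("CNAME", 1) + 1]
            records[fields[0].rstrip(".").lower()] = target.rstrip(".").lower()
    return records

def resolves(host):
    try:
        return bool(socket.getaddrinfo(host, None))  # live DNS lookup
    except socket.gaierror:
        return False

def audit(zone_text, in_use, resolver=resolves):
    """List (owner, target, reasons) for third-party CNAMEs that need review."""
    findings = []
    for owner, target in sorted(parse_cnames(zone_text).items()):
        if not any(target == s or target.endswith("." + s) for s in THIRD_PARTY_SUFFIXES):
            continue
        reasons = []
        if target not in in_use:
            reasons.append("not in service inventory")
        # Weak signal: a target that still resolves may no longer be yours.
        if not resolver(target):
            reasons.append("target does not resolve")
        if reasons:
            findings.append((owner, target, reasons))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE, SAMPLE_IN_USE))
```

The inventory comparison is the primary check; pass a stub `resolver` to run the audit without network access.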
