SlideShare a Scribd company logo

DNS hijacking at cloud

DNS hijacking at cloud

1 of 13
Download to read offline
DNS HIJACKING AT CLOUD
Your forgotten subdomain going to hurt
you.
Co-Founder @ BEETLES (beetles.io)
Twitter: @shaheemirza
Web: shaheemirza.com
Shahee Mirza
Menu
 Background
 History
 Attack
 Tools
 Defense
Background
Do you know that it's possible that some of your
subdomains maybe taken over by somebody
else? This is due to the fact, that for some of your
DNS[Mainly CNAME] records.
People register subdomains & point it to 3rd party a
pps/websites.
A subdomain takeover is a vulnerability that results
from DNS misconfiguration.
History
:D
Ad

Recommended

How to in WPMU: Building a blog directory & Domain Mapping
How to in WPMU: Building a blog directory & Domain MappingHow to in WPMU: Building a blog directory & Domain Mapping
How to in WPMU: Building a blog directory & Domain MappingAndrea Rennick
 
Install WordPress
Install WordPressInstall WordPress
Install WordPressReema
 
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2How to Guide access the WebSphere Portal Prospero demo on Amazon EC2
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2Chris Sparshott
 
Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security pptCheap SSL Coupon Code
 
Web topic 33 publish websites
Web topic 33  publish websitesWeb topic 33  publish websites
Web topic 33 publish websitesCK Yang
 

More Related Content

Similar to DNS hijacking at cloud

Subdomain takeover
 Subdomain takeover Subdomain takeover
Subdomain takeoverHina Rawal
 
DOMAIN NAME PROTECTION.pptx
DOMAIN NAME PROTECTION.pptxDOMAIN NAME PROTECTION.pptx
DOMAIN NAME PROTECTION.pptxsuchita74
 
Domain Access Module
Domain Access ModuleDomain Access Module
Domain Access ModuleRyan Cross
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteVu Long Tran
 
Website Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfWebsite Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfDigitalGuruSanjog
 
The following steps illustrated below are used to reconfigure firewa.pdf
The following steps illustrated below are used to reconfigure firewa.pdfThe following steps illustrated below are used to reconfigure firewa.pdf
The following steps illustrated below are used to reconfigure firewa.pdfanokhijew
 
Piecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzlePiecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzleBusiness Vitality LLC
 
Security Function
Security FunctionSecurity Function
Security FunctionSamuel Soon
 
Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project  web architecture plan for the de vry daily tribune new...Web375 course project  web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...bestwriter
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptxKailashTayde
 
How to create_a_website
How to create_a_websiteHow to create_a_website
How to create_a_websiteKL University
 
First Hosted Joomla! site
First Hosted Joomla! siteFirst Hosted Joomla! site
First Hosted Joomla! siteDouglasPickett
 
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Fernando Hamasaki de Amorim
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 

Similar to DNS hijacking at cloud (20)

Subdomain takeover
 Subdomain takeover Subdomain takeover
Subdomain takeover
 
Subdomain Takeover
Subdomain TakeoverSubdomain Takeover
Subdomain Takeover
 
DOMAIN NAME PROTECTION.pptx
DOMAIN NAME PROTECTION.pptxDOMAIN NAME PROTECTION.pptx
DOMAIN NAME PROTECTION.pptx
 
Domain Access Module
Domain Access ModuleDomain Access Module
Domain Access Module
 
Domain mapping
Domain mappingDomain mapping
Domain mapping
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your website
 
Website Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfWebsite Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdf
 
The following steps illustrated below are used to reconfigure firewa.pdf
The following steps illustrated below are used to reconfigure firewa.pdfThe following steps illustrated below are used to reconfigure firewa.pdf
The following steps illustrated below are used to reconfigure firewa.pdf
 
Piecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzlePiecing Together the WordPress Puzzle
Piecing Together the WordPress Puzzle
 
Deep inside TOMOYO Linux
Deep inside TOMOYO LinuxDeep inside TOMOYO Linux
Deep inside TOMOYO Linux
 
Security Function
Security FunctionSecurity Function
Security Function
 
Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project  web architecture plan for the de vry daily tribune new...Web375 course project  web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...
 
Brendon Hatcher Joomla Security
Brendon Hatcher Joomla SecurityBrendon Hatcher Joomla Security
Brendon Hatcher Joomla Security
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptx
 
How to create_a_website
How to create_a_websiteHow to create_a_website
How to create_a_website
 
1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt
 
First Hosted Joomla! site
First Hosted Joomla! siteFirst Hosted Joomla! site
First Hosted Joomla! site
 
Dot Com In A Day
Dot Com In A DayDot Com In A Day
Dot Com In A Day
 
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014
 

More from Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

More from Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Recently uploaded

AWS Overview of AWS Clarify, Feature Store, Hyper parameter Tuning
AWS Overview of AWS  Clarify, Feature Store, Hyper parameter TuningAWS Overview of AWS  Clarify, Feature Store, Hyper parameter Tuning
AWS Overview of AWS Clarify, Feature Store, Hyper parameter TuningVarun Garg
 
history of tau gamma architect.1968.....
history of tau gamma architect.1968.....history of tau gamma architect.1968.....
history of tau gamma architect.1968.....josephiigo
 
Augmented and Mixed Reality Solutions for Frontline Medical Professionals
Augmented and Mixed Reality Solutions for Frontline Medical ProfessionalsAugmented and Mixed Reality Solutions for Frontline Medical Professionals
Augmented and Mixed Reality Solutions for Frontline Medical Professionalsthirdeyegen65
 
Red shadows ringing in Japan's Cyberspace
Red shadows ringing in Japan's CyberspaceRed shadows ringing in Japan's Cyberspace
Red shadows ringing in Japan's Cyberspacesttyk
 
Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023Damar Juniarto
 
Model Jaringan network jaringan komputer.pdf
Model Jaringan network jaringan komputer.pdfModel Jaringan network jaringan komputer.pdf
Model Jaringan network jaringan komputer.pdfgalfinprihardiputra0
 
UGB INTERNETBANKING FACILITY LAUNCHED.pptx
UGB INTERNETBANKING FACILITY LAUNCHED.pptxUGB INTERNETBANKING FACILITY LAUNCHED.pptx
UGB INTERNETBANKING FACILITY LAUNCHED.pptxRitesh Sahu
 
Augmented and Mixed Reality Solutions for Aerospace & Defense
Augmented and Mixed Reality Solutions for Aerospace & DefenseAugmented and Mixed Reality Solutions for Aerospace & Defense
Augmented and Mixed Reality Solutions for Aerospace & Defensethirdeyegen65
 
Modern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budgetModern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budgetmatt806068
 
Obstructive jaundice is a medical condition characterized by the yellowing of...
Obstructive jaundice is a medical condition characterized by the yellowing of...Obstructive jaundice is a medical condition characterized by the yellowing of...
Obstructive jaundice is a medical condition characterized by the yellowing of...ssuser7b7f4e
 

Recently uploaded (10)

AWS Overview of AWS Clarify, Feature Store, Hyper parameter Tuning
AWS Overview of AWS  Clarify, Feature Store, Hyper parameter TuningAWS Overview of AWS  Clarify, Feature Store, Hyper parameter Tuning
AWS Overview of AWS Clarify, Feature Store, Hyper parameter Tuning
 
history of tau gamma architect.1968.....
history of tau gamma architect.1968.....history of tau gamma architect.1968.....
history of tau gamma architect.1968.....
 
Augmented and Mixed Reality Solutions for Frontline Medical Professionals
Augmented and Mixed Reality Solutions for Frontline Medical ProfessionalsAugmented and Mixed Reality Solutions for Frontline Medical Professionals
Augmented and Mixed Reality Solutions for Frontline Medical Professionals
 
Red shadows ringing in Japan's Cyberspace
Red shadows ringing in Japan's CyberspaceRed shadows ringing in Japan's Cyberspace
Red shadows ringing in Japan's Cyberspace
 
Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023
 
Model Jaringan network jaringan komputer.pdf
Model Jaringan network jaringan komputer.pdfModel Jaringan network jaringan komputer.pdf
Model Jaringan network jaringan komputer.pdf
 
UGB INTERNETBANKING FACILITY LAUNCHED.pptx
UGB INTERNETBANKING FACILITY LAUNCHED.pptxUGB INTERNETBANKING FACILITY LAUNCHED.pptx
UGB INTERNETBANKING FACILITY LAUNCHED.pptx
 
Augmented and Mixed Reality Solutions for Aerospace & Defense
Augmented and Mixed Reality Solutions for Aerospace & DefenseAugmented and Mixed Reality Solutions for Aerospace & Defense
Augmented and Mixed Reality Solutions for Aerospace & Defense
 
Modern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budgetModern Red Teaming - subverting mature defenses on a budget
Modern Red Teaming - subverting mature defenses on a budget
 
Obstructive jaundice is a medical condition characterized by the yellowing of...
Obstructive jaundice is a medical condition characterized by the yellowing of...Obstructive jaundice is a medical condition characterized by the yellowing of...
Obstructive jaundice is a medical condition characterized by the yellowing of...
 

DNS hijacking at cloud

  • 1. DNS HIJACKING AT CLOUD Your forgotten subdomain going to hurt you.
  • 2. Co-Founder @ BEETLES (beetles.io) Twitter: @shaheemirza Web: shaheemirza.com Shahee Mirza
  • 3. Menu  Background  History  Attack  Tools  Defense
  • 4. Background Do you know that it's possible that some of your subdomains maybe taken over by somebody else? This is due to the fact, that for some of your DNS[Mainly CNAME] records. People register subdomains & point it to 3rd party a pps/websites. A subdomain takeover is a vulnerability that results from DNS misconfiguration.
  • 6. :D
  • 7. Attack 1- Your company starts new service like blog 2- Your company points a subdomain to the blog-provider- service.com, eg blog.your-company.com 3- Your company stops the project and forgets to remove the subdomain redirection pointing to the blog-provider- service.com. 4- Attacker signs up for the Service and claims the domain as theirs. 5- Attacker now can post a defacement or put an HTML Form and asks users to login (Perform phishing attack).
  • 9. Now You know it all, Then forget Me
  • 10. Wait!! I have more to share….. The tools list
  • 11. Tools  Subbrute  Nmap  Recon-Ng  DNSRecon  HostileSubBruteforc er  Gobuster  DNSenum  AltDNS  Sublist3r  Knock
  • 12. Defense  Check your DNS configuration for subdomains pointing to services not in use.  Keep your DNS entries constantly vetted and restricted.