DNS hijacking at cloud


Published in: Internet

  1. DNS HIJACKING AT CLOUD: Your forgotten subdomain is going to hurt you.
  2. Co-Founder @ BEETLES, Twitter: @shaheemirza, Web: Shahee Mirza
  3. Menu: Background, History, Attack, Tools, Defense
  4. Background: Do you know that some of your subdomains may be taken over by somebody else? This is due to some of your DNS records (mainly CNAME): people register subdomains and point them to third-party apps/websites. A subdomain takeover is a vulnerability that results from DNS misconfiguration.
  5. History
  6. :D
  7. Attack
     1. Your company starts a new service, like a blog.
     2. Your company points a subdomain to the blog-provider-, eg
     3. Your company stops the project and forgets to remove the subdomain redirection pointing to the blog-provider-
     4. The attacker signs up for the service and claims the domain as theirs.
     5. The attacker can now post a defacement or put up an HTML form that asks users to log in (a phishing attack).
  8. Demo Video
  9. Now you know it all, then forget me
  10. Wait!! I have more to share… The tools list
  11. Tools: Subbrute, Nmap, Recon-Ng, DNSRecon, HostileSubBruteforcer, Gobuster, DNSenum, AltDNS, Sublist3r, Knock
  12. Defense
     - Check your DNS configuration for subdomains pointing to services not in use.
     - Keep your DNS entries constantly vetted and restricted.
  13. THANKS! Twitter: @shaheemirza
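
One way to carry out the first defense item, as an added example that is not part of the original slides: list every CNAME in your own zone that points at a third-party host and flag the ones whose target no longer resolves. The zone data, the example.com names and all function names are constructed for illustration.

```python
import socket

# Constructed sample zone for the placeholder domain example.com (not from the slides).
ZONE = """\
$ORIGIN example.com.
www       IN CNAME web-frontend.example.com.
blog      IN CNAME example-co.blog-provider.example.
shop 300  IN CNAME example-co.shop-provider.example.
docs      IN CNAME docs-origin
mail      IN A     192.0.2.10
"""

def absolute(name, origin):
    """Expand a zone-file name to a lowercase FQDN without the trailing dot."""
    if name.endswith("."):
        return name.rstrip(".").lower()
    return origin if name == "@" else f"{name}.{origin}".lower()

def external_cnames(zone_text, origin):
    """Return (subdomain, target) for CNAMEs whose target lies outside origin.
    Assumes one record per line with an explicit owner name."""
    found = []
    for line in zone_text.splitlines():
        tokens = line.split(";", 1)[0].split()      # drop zone-file comments
        if "CNAME" not in tokens[1:-1]:             # skips directives, A records, blanks
            continue
        i = tokens.index("CNAME", 1)
        target = absolute(tokens[i + 1], origin)
        if target != origin and not target.endswith("." + origin):
            found.append((absolute(tokens[0], origin), target))
    return found

def resolves(host):
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(zone_text, origin, check=resolves):
    """Return (dangling, review): targets that fail to resolve vs. ones that do."""
    dangling, review = [], []
    for sub, target in external_cnames(zone_text, origin):
        (review if check(target) else dangling).append((sub, target))
    return dangling, review

if __name__ == "__main__":
    live = {"example-co.shop-provider.example"}     # constructed resolver answers
    print(audit(ZONE, "example.com", check=lambda h: h in live))
```

A target that still resolves can also belong to a service you no longer use, so compare every entry in the review list against your inventory of active third-party services as well.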