Subdomain Take Over
PRESENTED BY
HEENA RAWAL
ATTACK & PENTEST TEAM
Index
What is Domain Name Service?
How it works?
What is Subdomain?
What is Subdomain Takeover?
All About CNAME
How to find CNAME records?
Impact of the issue
Let’s Takeover Subdomain (Practical_approach)
Mitigation
Reference
What is Domain Name Service?
How does DNS work?
Facebook.com
Hey resolver! What is the IP address of facebook.com?
What is a subdomain?
support.facebook.com
Subdomain: support
Main Domain: facebook
Domain Extension: .com
A subdomain is a part of the main domain. In the above URL, the main domain name
is facebook with the extension .com, and support, which is part of this main
domain, is called a subdomain of it.
Why?
What is subdomain takeover?
Subdomain takeover is a type of vulnerability that occurs due to
misconfiguration of DNS CNAME records or forgetting to delete a DNS entry.
Scenario example: a company has configured a DNS CNAME entry for
one of its subdomains pointing to an external service (e.g. Heroku, GitHub
Pages, Bitbucket, Tilda, AWS S3 bucket, Shopify) but no longer uses that
service. In that condition, an attacker could register with the external
service and claim the affected subdomain, so that the subdomain points to
his/her own service.
All about CNAME
A Canonical Name (CNAME) record is a type of resource record in the
Domain Name System which maps one domain name to another. This can
prove convenient when running multiple services, such as www, mail and blog,
from a single IP address, as is common when using domain hosting.
How to find CNAME records?
There are a number of ways to find the CNAME record associated
with a subdomain. In this section, I'll show you a few
techniques to find the CNAME record of a specific
subdomain.
DIG COMMAND
[Figure: a dig command annotated with its parts (Command, DNS Server, Subdomain Name, Type), followed by its Output]
Impact of the issue
Easy to sign up for a new account
An attacker can build a complete clone of the site
It is a covert operation that even the domain owner won’t notice
Authentication bypass, CORS bypass and many other high-risk vulnerabilities.
Mitigation
Remove the DNS configuration for the external service from your subdomain.
SOC Analyst Part
Domain monitoring is a service for monitoring your subdomains for potential
subdomain takeovers. It monitors changes within public DNS resolvers and
warns you as soon as it detects any anomalies.
References
https://blog.initd.sh/others-attacks/mis-configuration/subdomain-takeover-explained/
https://0xpatrik.com/subdomain-takeover-ns/
https://cloudacademy.com/blog/how-dns-works/
Thank You …
