YoVDO

DNS Hijacking Using Cloud Providers: No Verification Needed - AppSec EU 2017

Offered By: OWASP Foundation via YouTube

Tags

DNS Security Courses Cybersecurity Courses Amazon Web Services (AWS) Courses Network Security Courses Heroku Courses Web Application Security Courses Cloud Security Courses Vulnerability Assessment Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore domain hijacking techniques in this 36-minute conference talk from AppSec EU 2017. Delve into both disclosed and undisclosed methods for taking control of domains, nameservers, and DNS providers. Learn about vulnerabilities in cloud services like AWS, Heroku, and GitHub, and discover why existing tools fail to detect certain hijacking scenarios. Gain insights into specific techniques, including subdomain takeover, Facebook takeover, orphaned EC2 IP addresses, and email snooping through MX records. Understand the limitations of current vulnerability detection tools and the importance of comprehensive domain security measures.

Syllabus

Introduction
Agenda
Subdomain Takeover
Facebook Takeover
Reports
Promaster
Tools
What are they looking for
Matthew Bryant
No Error
orphaned EC2 IP
DNS Flow
Competition
Email snooping
MX records
Final notes


Taught by

OWASP Foundation

Related Courses

Introduction to Agile Software Development: Tools & Techniques
University of California, Berkeley via edX Advanced Topics and Techniques in Agile Software Development
University of California, Berkeley via edX Ruby on Rails: An Introduction
Johns Hopkins University via Coursera Deploying Applications with Heroku
Udacity Django Core | A Reference Guide to Core Django Concepts
Udemy