YoVDO

DNS Hijacking Using Cloud Providers: No Verification Needed - AppSec EU 2017

Offered By: OWASP Foundation via YouTube

Tags

DNS Security Courses Cybersecurity Courses Amazon Web Services (AWS) Courses Network Security Courses Heroku Courses Web Application Security Courses Cloud Security Courses Vulnerability Assessment Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore domain hijacking techniques in this 36-minute conference talk from AppSec EU 2017. Delve into both disclosed and undisclosed methods for taking control of domains, nameservers, and DNS providers. Learn about vulnerabilities in cloud services like AWS, Heroku, and GitHub, and discover why existing tools fail to detect certain hijacking scenarios. Gain insights into specific techniques, including subdomain takeover, Facebook takeover, orphaned EC2 IP addresses, and email snooping through MX records. Understand the limitations of current vulnerability detection tools and the importance of comprehensive domain security measures.

Syllabus

Introduction
Agenda
Subdomain Takeover
Facebook Takeover
Reports
Promaster
Tools
What are they looking for
Matthew Bryant
No Error
orphaned EC2 IP
DNS Flow
Competition
Email snooping
MX records
Final notes


Taught by

OWASP Foundation

Related Courses

An Introduction to Computer Networks
Stanford University via Independent Computer Networks
University of Washington via Coursera Computer Networking
Georgia Institute of Technology via Udacity Cybersecurity and Its Ten Domains
University System of Georgia via Coursera Model Building and Validation
AT&T via Udacity