DNS Hijacking Using Cloud Providers: No Verification Needed - AppSec EU 2017
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore domain hijacking techniques in this 36-minute conference talk from AppSec EU 2017. Delve into both disclosed and undisclosed methods for taking control of domains, nameservers, and DNS providers. Learn about vulnerabilities in cloud services like AWS, Heroku, and GitHub, and discover why existing tools fail to detect certain hijacking scenarios. Gain insights into specific techniques, including subdomain takeover, Facebook takeover, orphaned EC2 IP addresses, and email snooping through MX records. Understand the limitations of current vulnerability detection tools and the importance of comprehensive domain security measures.
Syllabus
Introduction
Agenda
Subdomain Takeover
Facebook Takeover
Reports
Promaster
Tools
What are they looking for
Matthew Bryant
No Error
orphaned EC2 IP
DNS Flow
Competition
Email snooping
MX records
Final notes
Taught by
OWASP Foundation
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network