YoVDO

DNS Hijacking Using Cloud Providers: No Verification Needed - AppSec EU 2017

Offered By: OWASP Foundation via YouTube

Tags

DNS Security Courses Cybersecurity Courses Amazon Web Services (AWS) Courses Network Security Courses Heroku Courses Web Application Security Courses Cloud Security Courses Vulnerability Assessment Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore domain hijacking techniques in this 36-minute conference talk from AppSec EU 2017. Delve into both disclosed and undisclosed methods for taking control of domains, nameservers, and DNS providers. Learn about vulnerabilities in cloud services like AWS, Heroku, and GitHub, and discover why existing tools fail to detect certain hijacking scenarios. Gain insights into specific techniques, including subdomain takeover, Facebook takeover, orphaned EC2 IP addresses, and email snooping through MX records. Understand the limitations of current vulnerability detection tools and the importance of comprehensive domain security measures.

Syllabus

Introduction
Agenda
Subdomain Takeover
Facebook Takeover
Reports
Promaster
Tools
What are they looking for
Matthew Bryant
No Error
orphaned EC2 IP
DNS Flow
Competition
Email snooping
MX records
Final notes


Taught by

OWASP Foundation

Related Courses

Communicating Data Science Results
University of Washington via Coursera Cloud Computing Applications, Part 2: Big Data and Applications in the Cloud
University of Illinois at Urbana-Champaign via Coursera Cloud Computing Infrastructure
University System of Maryland via edX Google Cloud Platform for AWS Professionals
Google via Coursera Introduction to Apache Spark and AWS
University of London International Programmes via Coursera