Same Thing We Do Every Few Minutes, Pinky - Try to Take Over All Your Subdomains!
Offered By: RSA Conference via YouTube
Course Description
Overview
Syllabus
Intro
Sidebar - an intro to DNS
What is subdomain takeover?
Why can't cloud providers simply make it not a thing?
How did a takeover happen during training?
Talking to the developers
Disclosure leads to heightened interest, confusion
We can no longer afford manual processes
How do we get better? Faster?
What tools are in the space?
So we built submon-cli
Choices made
The architecture of submon-cli
Not a simple match of DNS resource name
How does this fail?
There are other kinds of SDTO...
Oracle - tenancy namespace in DNS names
AWS-randomly assigned name servers
Azure - machine readable list of IP ranges
Postpone DNS name release in Enterprise subscriptions
Event notification (fast!) on DNS name release
Mapping between DNS names, resource types
And finally...
Questions?
Taught by
RSA Conference
Related Courses
MongoDB for .NET DevelopersMongoDB University Web Application Development – Capstone Course
University of New Mexico via Coursera Ciberseguridad: ataques y contramedidas
Universidad Rey Juan Carlos via Independent Reliable Cloud Infrastructure: Design and Process auf Deutsch
Google Cloud via Coursera Securing and Integrating Components of your Application 日本語版
Google Cloud via Coursera