YoVDO

Same Thing We Do Every Few Minutes, Pinky - Try to Take Over All Your Subdomains!

Offered By: RSA Conference via YouTube

Tags

RSA Conference Courses, DNS Courses, Application Security Courses, Vulnerability Management Courses

Course Description

Overview

Explore the steps Starbucks has taken to reduce subdomain takeover vulnerabilities in this 53-minute RSA Conference talk. Learn about the company's approach to education, detection, prevention, engagement, and hardening. Gain insights into DNS basics, cloud application security, and the challenges of subdomain takeover. Discover the tools and processes implemented, including the development of submon-cli, to address this security concern. Understand the complexities of different cloud providers' approaches and the importance of fast event notification for DNS name releases. Suitable for those with a basic understanding of DNS and cloud/web applications.

Syllabus

Intro
Sidebar - an intro to DNS
What is subdomain takeover?
Why can't cloud providers simply make it not a thing?
How did a takeover happen during training?
Talking to the developers
Disclosure leads to heightened interest, confusion
We can no longer afford manual processes
How do we get better? Faster?
What tools are in the space?
So we built submon-cli
Choices made
The architecture of submon-cli
Not a simple match of DNS resource name
How does this fail?
There are other kinds of SDTO...
Oracle - tenancy namespace in DNS names
AWS - randomly assigned name servers
Azure - machine readable list of IP ranges
Postpone DNS name release in Enterprise subscriptions
Event notification (fast!) on DNS name release
Mapping between DNS names, resource types
And finally...
Questions?


Taught by

RSA Conference
