Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

DNS Hijacking Using Cloud Providers: No Verification Needed - AppSec EU 2017

OWASP Foundation via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore domain hijacking techniques in this 36-minute conference talk from AppSec EU 2017. Delve into both disclosed and undisclosed methods for taking control of domains, nameservers, and DNS providers. Learn about vulnerabilities in cloud services like AWS, Heroku, and GitHub, and discover why existing tools fail to detect certain hijacking scenarios. Gain insights into specific techniques, including subdomain takeover, Facebook takeover, orphaned EC2 IP addresses, and email snooping through MX records. Understand the limitations of current vulnerability detection tools and the importance of comprehensive domain security measures.

Syllabus

Introduction
Agenda
Subdomain Takeover
Facebook Takeover
Reports
Promaster
Tools
What are they looking for
Matthew Bryant
No Error
orphaned EC2 IP
DNS Flow
Competition
Email snooping
MX records
Final notes

Taught by

OWASP Foundation

Reviews

Start your review of DNS Hijacking Using Cloud Providers: No Verification Needed - AppSec EU 2017

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.