Hostile Subdomain Takeover by Ankit Prateek


Upload: owasp

Post on 11-Apr-2017


Hostile Subdomain Takeover

HST in a minute

People register subdomains and point them to third-party apps/websites

GitHub Pages, Heroku, S3, AWS are some examples

Sometimes they migrate or stop using the feature and forget to remove the name pointer

An entry at the nameserver still points to that page

Create an account and claim that page.

Done!

#OkThxBye

Interactive Session

Let's talk DNS and nameservers

DEMO

Defense

Check your DNS-configuration for subdomains pointing to services not in use.

Keep your DNS-entries constantly vetted and restricted.
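One way to put the two defense points into practice is a periodic audit of the zone for CNAMEs that point outside it, with the ones whose target no longer resolves flagged first. The script below is an added example, not material from the talk: the zone lines, the `example.com` origin and the stub resolver table are all constructed so it runs offline, and the `shop-old.herokuapp.com.` entry is deliberately left out of the stub to stand in for a third-party hostname that has been torn down.

```python
"""Audit zone-file style DNS records for dangling CNAMEs.

Added example for the "Defense" slides; not part of the original talk.
A CNAME whose target no longer resolves is the clearest sign that the
service behind it was decommissioned while the name pointer stayed behind.
Every other CNAME that leaves the zone is listed too, so the owner can
confirm each third-party service is still in use.
"""
import re

# Constructed sample zone for the fictional origin example.com (not real records).
SAMPLE_ZONE = """\
; constructed sample zone for example.com
www      300 IN A     203.0.113.10
blog     300 IN CNAME example-blog.github.io.
shop     300 IN CNAME shop-old.herokuapp.com.
assets   300 IN CNAME assets-bucket.s3.amazonaws.com.
mail     300 IN MX    10 mail.example.com.
intranet 300 IN CNAME intranet.example.com.
"""

# Hypothetical resolver answers, constructed so the audit runs offline.
# In real use, swap stub_resolve for a resolver that returns None on NXDOMAIN.
STUB_RESOLUTIONS = {
    "example-blog.github.io.": "198.51.100.20",
    "assets-bucket.s3.amazonaws.com.": "198.51.100.30",
    "intranet.example.com.": "10.0.0.5",
    # shop-old.herokuapp.com. is intentionally absent: it no longer resolves.
}

# name  TTL  IN  TYPE  RDATA
RECORD_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")


def parse_cnames(zone_text, origin):
    """Return (fqdn, target) pairs for every CNAME record in zone_text."""
    cnames = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        match = RECORD_RE.match(line)
        if not match:
            continue
        name, rtype, rdata = match.groups()
        if rtype.upper() != "CNAME":
            continue
        # Relative owner names are qualified against the zone origin.
        fqdn = name if name.endswith(".") else f"{name}.{origin}."
        cnames.append((fqdn, rdata.strip()))
    return cnames


def stub_resolve(hostname):
    """Stand-in for a DNS lookup: an address string, or None for NXDOMAIN."""
    return STUB_RESOLUTIONS.get(hostname)


def audit_zone(zone_text, origin, resolve=stub_resolve):
    """Sort each CNAME into 'unresolvable', 'external' or 'internal'."""
    report = {"unresolvable": [], "external": [], "internal": []}
    for fqdn, target in parse_cnames(zone_text, origin):
        in_zone = target == f"{origin}." or target.endswith(f".{origin}.")
        if resolve(target) is None:
            report["unresolvable"].append((fqdn, target))
        elif in_zone:
            report["internal"].append((fqdn, target))
        else:
            report["external"].append((fqdn, target))
    return report


if __name__ == "__main__":
    result = audit_zone(SAMPLE_ZONE, "example.com")
    for fqdn, target in result["unresolvable"]:
        print(f"UNRESOLVABLE {fqdn} -> {target}: remove the record or reclaim the service")
    for fqdn, target in result["external"]:
        print(f"EXTERNAL     {fqdn} -> {target}: confirm the service is still in use")
```

The unresolvable list is the urgent one, but it is not the whole picture: several hosting providers answer DNS for any hostname under their wildcard, so a target that resolves is not proof that the service is still configured for your name. Treat the external list as a checklist to reconcile against each provider's dashboard, and run the audit on every zone change rather than once.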

Thanks To

Prakhar Prasad (@prakharprasad)

Detectify https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/