DNS hijacking using cloud providers - No verification needed

A few years ago, Frans and his team posted an article on Detectify Labs regarding domain hijacking using services like AWS, Heroku and GitHub. These issues still remains and are still affecting a lot of companies. Jonathan Claudius from Mozilla even calls “Subdomain takeover” “the new XSS”. Since then, many tools have popped up to spot these sorts of vulnerabilities.

However, there are many more ways to hijack domains, nameservers and DNS-providers. The tools that exists today are missing functionality to cover most of the cases. Frans will go through both the currently disclosed and the non-disclosed ways to take control over domains and will share the specific techniques involved.

This was presented at Security Fest 2017.

Speakers: Frans Rosén

About Frans Rosén

Frans Rosén

Frans Rosén is a tech entrepreneur, bug bounty hunter and a Knowledge Advisor at Detectify, a security service for developers. He's a frequent blogger at Detectify Labs and a top ranked participant of bug bounty programs, receiving the highest bounty payout ever on HackerOne.

 
Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.