SlideShare una empresa de Scribd logo

DNS hijacking at cloud

Descargar como PPTX, PDF
Bangladesh Network Operators Group
Bangladesh Network Operators Group

DNS hijacking at cloud

Internet
1 de 13
DNS HIJACKING AT CLOUD Your forgotten subdomain going to hurt you.
Co-Founder @ BEETLES (beetles.io) Twitter: @shaheemirza Web: shaheemirza.com Shahee Mirza
Menu  Background  History  Attack  Tools  Defense
Background Do you know that it's possible that some of your subdomains maybe taken over by somebody else? This is due to the fact, that for some of your DNS[Mainly CNAME] records. People register subdomains & point it to 3rd party a pps/websites. A subdomain takeover is a vulnerability that results from DNS misconfiguration.
History
:D
Attack 1- Your company starts new service like blog 2- Your company points a subdomain to the blog-provider- service.com, eg blog.your-company.com 3- Your company stops the project and forgets to remove the subdomain redirection pointing to the blog-provider- service.com. 4- Attacker signs up for the Service and claims the domain as theirs. 5- Attacker now can post a defacement or put an HTML Form and asks users to login (Perform phishing attack).
Demo Video
Now You know it all, Then forget Me
Wait!! I have more to share….. The tools list
Tools  Subbrute  Nmap  Recon-Ng  DNSRecon  HostileSubBruteforc er  Gobuster  DNSenum  AltDNS  Sublist3r  Knock
Defense  Check your DNS configuration for subdomains pointing to services not in use.  Keep your DNS entries constantly vetted and restricted.
THANKS! Twitter: @shaheemirza

Recomendados

Wcmtl andrear-domain-mapping
Wcmtl andrear-domain-mappingWcmtl andrear-domain-mapping
Wcmtl andrear-domain-mappingMontreal WordPress Community
 
How to in WPMU: Building a blog directory & Domain Mapping
How to in WPMU: Building a blog directory & Domain MappingHow to in WPMU: Building a blog directory & Domain Mapping
How to in WPMU: Building a blog directory & Domain MappingAndrea Rennick
 
Domain mapping
Domain mappingDomain mapping
Domain mappingAndrea Rennick
 
DigitalInsights-ECM-WordPress-Session
DigitalInsights-ECM-WordPress-SessionDigitalInsights-ECM-WordPress-Session
DigitalInsights-ECM-WordPress-SessionDigital Insights - Digital Marketing Agency
 
Install WordPress
Install WordPressInstall WordPress
Install WordPressReema
 
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2How to Guide access the WebSphere Portal Prospero demo on Amazon EC2
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2Chris Sparshott
 
Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security pptCheap SSL Coupon Code
 
Web topic 33 publish websites
Web topic 33 publish websitesWeb topic 33 publish websites
Web topic 33 publish websitesCK Yang
 

Recomendados

Wcmtl andrear-domain-mapping
Wcmtl andrear-domain-mappingWcmtl andrear-domain-mapping
Wcmtl andrear-domain-mappingMontreal WordPress Community
 
How to in WPMU: Building a blog directory & Domain Mapping
How to in WPMU: Building a blog directory & Domain MappingHow to in WPMU: Building a blog directory & Domain Mapping
How to in WPMU: Building a blog directory & Domain MappingAndrea Rennick
 
Domain mapping
Domain mappingDomain mapping
Domain mappingAndrea Rennick
 
DigitalInsights-ECM-WordPress-Session
DigitalInsights-ECM-WordPress-SessionDigitalInsights-ECM-WordPress-Session
DigitalInsights-ECM-WordPress-SessionDigital Insights - Digital Marketing Agency
 
Install WordPress
Install WordPressInstall WordPress
Install WordPressReema
 
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2How to Guide access the WebSphere Portal Prospero demo on Amazon EC2
How to Guide access the WebSphere Portal Prospero demo on Amazon EC2Chris Sparshott
 
Tips to improve word press security ppt
Tips to improve word press security pptTips to improve word press security ppt
Tips to improve word press security pptCheap SSL Coupon Code
 
Web topic 33 publish websites
Web topic 33 publish websitesWeb topic 33 publish websites
Web topic 33 publish websitesCK Yang
 
Subdomain takeover
Subdomain takeover Subdomain takeover
Subdomain takeoverHina Rawal
 
Subdomain Takeover
Subdomain TakeoverSubdomain Takeover
Subdomain TakeoverAkshayPandurangi
 
Domain Access Module
Domain Access ModuleDomain Access Module
Domain Access ModuleRyan Cross
 
Domain mapping
Domain mappingDomain mapping
Domain mappingAndrea Rennick
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteVu Long Tran
 
Website Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfWebsite Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfDigitalGuruSanjog
 
Piecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzlePiecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzleBusiness Vitality LLC
 
Deep inside TOMOYO Linux
Deep inside TOMOYO LinuxDeep inside TOMOYO Linux
Deep inside TOMOYO LinuxToshiharu Harada, Ph.D
 
Security Function
Security FunctionSecurity Function
Security FunctionSamuel Soon
 
Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...bestwriter
 
Brendon Hatcher Joomla Security
Brendon Hatcher Joomla SecurityBrendon Hatcher Joomla Security
Brendon Hatcher Joomla SecurityJoomla Day South Africa
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptxKailashTayde
 
How to create_a_website
How to create_a_websiteHow to create_a_website
How to create_a_websiteKL University
 
1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt1.1 DNS.ppt.ppt
1.1 DNS.ppt.pptKirthiKanthN
 
First Hosted Joomla! site
First Hosted Joomla! siteFirst Hosted Joomla! site
First Hosted Joomla! siteDouglasPickett
 
Dot Com In A Day
Dot Com In A DayDot Com In A Day
Dot Com In A DayAndrew Wright
 
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Fernando Hamasaki de Amorim
 
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...It4int
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJBangladesh Network Operators Group
 

Más contenido relacionado

Similar a DNS hijacking at cloud

Subdomain takeover
Subdomain takeover Subdomain takeover
Subdomain takeoverHina Rawal
 
Domain Access Module
Domain Access ModuleDomain Access Module
Domain Access ModuleRyan Cross
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteVu Long Tran
 
Website Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfWebsite Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfDigitalGuruSanjog
 
Piecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzlePiecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzleBusiness Vitality LLC
 
Security Function
Security FunctionSecurity Function
Security FunctionSamuel Soon
 
Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...bestwriter
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptxKailashTayde
 
How to create_a_website
How to create_a_websiteHow to create_a_website
How to create_a_websiteKL University
 
First Hosted Joomla! site
First Hosted Joomla! siteFirst Hosted Joomla! site
First Hosted Joomla! siteDouglasPickett
 
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Fernando Hamasaki de Amorim
 
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...It4int
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014Judy Wilson
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 

Similar a DNS hijacking at cloud (20)

Subdomain takeover
Subdomain takeover Subdomain takeover
Subdomain takeover
 
Subdomain Takeover
Subdomain TakeoverSubdomain Takeover
Subdomain Takeover
 
Domain Access Module
Domain Access ModuleDomain Access Module
Domain Access Module
 
Domain mapping
Domain mappingDomain mapping
Domain mapping
 
How to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your websiteHow to test if Cloudflare is running live for your website
How to test if Cloudflare is running live for your website
 
Website Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdfWebsite Building Part 01 - Basics.pdf
Website Building Part 01 - Basics.pdf
 
Piecing Together the WordPress Puzzle
Piecing Together the WordPress PuzzlePiecing Together the WordPress Puzzle
Piecing Together the WordPress Puzzle
 
Deep inside TOMOYO Linux
Deep inside TOMOYO LinuxDeep inside TOMOYO Linux
Deep inside TOMOYO Linux
 
Security Function
Security FunctionSecurity Function
Security Function
 
Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...Web375 course project web architecture plan for the de vry daily tribune new...
Web375 course project web architecture plan for the de vry daily tribune new...
 
Brendon Hatcher Joomla Security
Brendon Hatcher Joomla SecurityBrendon Hatcher Joomla Security
Brendon Hatcher Joomla Security
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptx
 
How to create_a_website
How to create_a_websiteHow to create_a_website
How to create_a_website
 
1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt
 
First Hosted Joomla! site
First Hosted Joomla! siteFirst Hosted Joomla! site
First Hosted Joomla! site
 
Dot Com In A Day
Dot Com In A DayDot Com In A Day
Dot Com In A Day
 
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016Os piores códigos Ruby já vistos - TDC Florianópolis 2016
Os piores códigos Ruby já vistos - TDC Florianópolis 2016
 
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
Colocation Dedicated / VPS / Cloud Servers Data Centers - IT4INT Pvt Ltd Mark...
 
WordPress Resources Nov 2014
WordPress Resources Nov 2014WordPress Resources Nov 2014
WordPress Resources Nov 2014
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
 

Más de Bangladesh Network Operators Group

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephBangladesh Network Operators Group
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceBangladesh Network Operators Group
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaBangladesh Network Operators Group
 

Más de Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Último

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 

Último (20)

Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsRussian Call girls in Dubai +971563133746 Dubai Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 

DNS hijacking at cloud

  • 1. DNS HIJACKING AT CLOUD Your forgotten subdomain going to hurt you.
  • 2. Co-Founder @ BEETLES (beetles.io) Twitter: @shaheemirza Web: shaheemirza.com Shahee Mirza
  • 3. Menu  Background  History  Attack  Tools  Defense
  • 4. Background Do you know that it's possible that some of your subdomains maybe taken over by somebody else? This is due to the fact, that for some of your DNS[Mainly CNAME] records. People register subdomains & point it to 3rd party a pps/websites. A subdomain takeover is a vulnerability that results from DNS misconfiguration.
  • 6. :D
  • 7. Attack 1- Your company starts new service like blog 2- Your company points a subdomain to the blog-provider- service.com, eg blog.your-company.com 3- Your company stops the project and forgets to remove the subdomain redirection pointing to the blog-provider- service.com. 4- Attacker signs up for the Service and claims the domain as theirs. 5- Attacker now can post a defacement or put an HTML Form and asks users to login (Perform phishing attack).
  • 9. Now You know it all, Then forget Me
  • 10. Wait!! I have more to share….. The tools list
  • 11. Tools  Subbrute  Nmap  Recon-Ng  DNSRecon  HostileSubBruteforc er  Gobuster  DNSenum  AltDNS  Sublist3r  Knock
  • 12. Defense  Check your DNS configuration for subdomains pointing to services not in use.  Keep your DNS entries constantly vetted and restricted.