In the first part of this two-part series, Carlos will go over the current landscape for subdomain takeover by analyzing some bug bounty report statistics, then cover the theory behind how attackers can leverage this flaw to hijack subdomains. Finally, Carlos will discuss several simple actions that can be taken to protect your cloud environment against this vulnerability and give a sneak peek into the hands-on exercises from the upcoming Part 2.
Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, organizations often overlook removing domain name system (DNS) records, including aliases (A records) and canonical names (CNAME records), that are no longer being used. This leads to a dangling domain record: one that is no longer associated with an active website or an online resource.
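One way to find such dangling records before anyone else does is to compare the zone against an inventory of resources the organization still controls. The sketch below is an added example, not material from the series; the zone listing, hostnames, addresses and the inventory sets are all constructed, and the inventory is assumed to come from your cloud asset listing.

```python
# Added example: flag A and CNAME records whose target is no longer a live resource.
# All zone data, hostnames and addresses below are constructed for illustration.
ZONE = """\
; name             ttl  class type  value
www.example.com.   300  IN    A     192.0.2.10
blog.example.com.  300  IN    CNAME www.example.com.
shop.example.com.  300  IN    CNAME shop-prod.cloud-provider.example.
old.example.com.   300  IN    A     198.51.100.7
promo.example.com. 300  IN    CNAME promo-2019.cloud-provider.example.
mail.example.com.  300  IN    MX    10 mx.example.com.
"""

# Resources the organization still controls (assumed to come from an asset inventory).
LIVE_ADDRESSES = {"192.0.2.10"}
LIVE_HOSTNAMES = {"shop-prod.cloud-provider.example"}


def parse_zone(text):
    """Yield (name, type, value) for A and CNAME records in a simple zone listing."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        name, rtype, value = fields[0], fields[3].upper(), fields[4]
        if rtype in ("A", "CNAME"):
            yield name.rstrip(".").lower(), rtype, value.rstrip(".").lower()


def find_dangling(zone_text, live_addresses, live_hostnames):
    """Return records that point at something missing from the inventory."""
    records = list(parse_zone(zone_text))
    zone_names = {name for name, _, _ in records}
    dangling = []
    for name, rtype, value in records:
        if rtype == "A":
            ok = value in live_addresses
        else:
            # A CNAME to a name in this zone is judged through that name's own record.
            ok = value in live_hostnames or value in zone_names
        if not ok:
            dangling.append((name, rtype, value))
    return dangling


if __name__ == "__main__":
    for name, rtype, value in find_dangling(ZONE, LIVE_ADDRESSES, LIVE_HOSTNAMES):
        print(f"dangling {rtype}: {name} -> {value}")
```

Records it reports are candidates for removal from the zone once you confirm the target resource has been decommissioned.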