2019-04-06, 10:00–11:20, SkyPoint
This workshop about understanding, finding, exploiting, and reporting subdomain misconfigurations.
This attack vector utilizes DNS entries pointing to Service Providers where the pointed subdomain is currently not in use. Depending on the DNS-entry configuration and which Service Provider it points to, some of these services will allow unverified users to claim these subdomains as their own.
Requirements:
- Laptop with Linux
- Basic understanding of the Domain Name System (DNS)
- Knows how to set up a subdomain
- Valid accounts in several cloud services(amazon, microsoft azure (paid subscription), github) for practice
- EyeWiteness, SubJack
- Good mood