This attack vector utilizes DNS entries pointing to Service Providers where the pointed subdomain is currently not in use. Depending on the DNS-entry configuration and which Service Provider it points to, some of these services will allow unverified users to claim these subdomains as their own.

Requirements:

• Laptop with Linux
• Basic understanding of the Domain Name System (DNS)
• Knows how to set up a subdomain
• Valid accounts in several cloud services(amazon, microsoft azure (paid subscription), github) for practice
• EyeWiteness, SubJack
• Good mood