A thread 🧵 on DNS misconfigurations/resources/articles/tools 👇

#hacking #cybersecurity #dns #bugbounty
The History of DNS Vulnerabilities and the Cloud (by Palo alto networks)

unit42.paloaltonetworks.com/dns-vulnerabil…
Dangling Domains: Security Threats, Detection and Prevalence (by Palo alto networks)

unit42.paloaltonetworks.com/dangling-domai…
Fishing the AWS IP Pool for Dangling Domains (by Bishop Fox)

bishopfox.com/blog/fishing-t…
Respect My Authority – Hijacking Broken Nameservers to Compromise Your Target (by Matthew Bryant)

thehackerblog.com/respect-my-aut…
The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace, and Digital Ocean (by Matthew Bryant)

thehackerblog.com/the-orphaned-i…
The .io Error – Taking Control of All .io Domains With a Targeted Registration (by Matthew Bryant)

thehackerblog.com/the-io-error-t…
The International Incident – Gaining Control of a .int Domain Name With DNS Trickery

thehackerblog.com/the-internatio…
AppSec EU 2017 DNS Hijacking Using Cloud Providers: No Verification Needed (by Frans Rosén)

Hostile Subdomain Takeover using Heroku/Github/Desk + more (by Detectify)

labs.detectify.com/2014/10/21/hos…
Subdomain Takeover: Basics (by Patrik Hudak)

0xpatrik.com/subdomain-take…
Subdomain Takeover: Finding Candidates (by Patrik Hudak)

0xpatrik.com/subdomain-take…
Subdomain Takeover: Proof Creation for Bug Bounties (by Patrik Hudak)

0xpatrik.com/takeover-proof…
Subdomain Takeover: Going beyond CNAME (by Patrik Hudak)

0xpatrik.com/subdomain-take…
Subdomain Takeover: Thoughts on Risks (by Patrik Hudak)

0xpatrik.com/subdomain-take…
Dangling DNS: Amazon EC2 IPs (Current State) (by Mohamed Elbadry)

blog.melbadry9.xyz/dangling-dns/a…
Eliminating Dangling Elastic IP Takeovers with Ghostbuster (by Assetnote)

blog.assetnote.io/2022/02/13/dan…
[Tool] Ghostbuster (by Assetnote)

github.com/assetnote/ghos…
Prevent dangling DNS entries and avoid subdomain takeover (by Microsoft)

docs.microsoft.com/en-us/azure/se…
Internet-Wide Analysis of Subdomain Takeovers (by Red Hunt Labs)

redhuntlabs.com/blog/project-r…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Devansh (⚡, 🥷)

Devansh (⚡, 🥷) Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @0xAsm0d3us

Sep 15, 2021
My notes (actually a checklist ✅) for getting into Blockchain Security, a thread 🧵
Elementary Topics:
Basics of Internet:
Read 20 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

:(