Subdomain takeover, the use after free of the internet
12-28, 17:00–17:30 (Europe/Berlin), HIP - Track 1 - Room 5
Language: English

Most bug bounty platforms list subdomain takeover as "not in scope", but could it be interesting anyways? Yes! This talk will show you what this kind of problem is and how it can be mitigated at scale (and where it isn't).

On a boring evening, I thought of playing around with automated scanning using long bash one-liners. The next morning, a one-liner consisting of 17 pipes was born which found a few hundred valid subdomains prone to subdomain takeover. This wasn't really complicated, but by automating such a process, I had the chance to dive deeper into the whole topic and found quite a weird ecosystem.

This talk is there to give you the whole context: from the basic "what is subdomain takeover?" to further "well how can it be found?" until the essential "well how do we solve this once and for all?".

InfoSec | Foo @chaosdorf | CTF Sauercl0ud & ALLES!