Subdomain takeover, the use after free of the internet

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration: Not yet available
Language: English
Abstract: Most bug bounty platforms list subdomain takeover as "not in scope", but could it be interesting anyways? Yes! This talk will show you what this kind of problem is and how it can be mitigated at scale (and where it isn't).

On a boring evening, I thought of playing around with automated scanning using long bash one-liners. The next morning, a one-liner consisting of 17 pipes was born which found a few hundred valid subdomains prone to subdomain takeover. This wasn't really complicated, but by automating such a process, I had the chance to dive deeper into the whole topic and found quite a weird ecosystem.

This talk is there to give you the whole context: from the basic "what is subdomain takeover?" to further "well how can it be found?" until the essential "well how do we solve this once and for all?".

Talk ID: jev22-49098
Event:: jev22
Day: 3
Room: HIP1
Start: 5 p.m.
Duration: 00:30:00
Track: E.T.I.
Type of: Talk
Speaker: hanemile
Talk Slug & media link: jev22-49098-subdomain_takeover_the_use_after_free_of_the_internet

The video is not yet available

Missing form or progress bar? It may take up to ten minutes until the form appears, after you saved your progress on amara. Please give it a little patience and reload the page.