For the people who say we are on the cloud and it is implicitly secure :P
AWS NS Takeover
From 101 to Detection and Exploitation!
You have probably heard of the conventional subdomain takeover caused by a dangling CNAME entry. Recently, while going through these excellent blogs (Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean, and Subdomain Takeover: Going beyond CNAME), I learned about a less conventional domain takeover that gives an adversary complete control over a vulnerable domain.
Prerequisite
Before we go ahead and get our hands dirty you need to have a fair understanding of the following concepts:
- DNS (Domain Name System)
- Fundamentals of AWS (especially the Route 53 service)
The Misconfiguration
Usually, when setting up a domain, we buy domain registration from a registrar and provide it with the authoritative nameservers that store and serve the domain's DNS resource records. The security issue is regarding…
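The registrar-to-nameserver delegation described above is exactly what an NS takeover abuses, so the first thing a defender should verify is that every nameserver the registrar delegates to actually serves the zone. The following is an added, stdlib-only Python checker (constructed for this write-up, not code from the original post): it sends a SOA query straight to a delegated nameserver and flags Route 53 hosts that answer REFUSED, which is how Route 53 responds for a zone it no longer hosts. The zone name, the nameserver and the `.awsdns-` naming pattern used for matching are assumptions.

```python
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS query for the SOA of `zone` (class IN). RD=0: we want the
    delegated server's own authoritative view, not a recursive lookup."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 6, 1)  # QTYPE=SOA(6), QCLASS=IN(1)

def parse_rcode(response: bytes) -> str:
    """Extract the RCODE (low 4 bits of the flags word) from a raw DNS reply."""
    flags = struct.unpack(">H", response[2:4])[0]
    return RCODE_NAMES.get(flags & 0x0F, "RCODE%d" % (flags & 0x0F))

def is_route53_ns(ns_host: str) -> bool:
    # Route 53 nameservers are named ns-NNN.awsdns-NN.<tld> (assumed naming pattern).
    return ".awsdns-" in ns_host.lower()

def classify(ns_host: str, rcode: str) -> str:
    """Rate one delegated nameserver by the RCODE it returned for the zone's SOA."""
    if rcode == "NOERROR":
        return "ok: server is authoritative for the zone"
    if is_route53_ns(ns_host) and rcode == "REFUSED":
        # Route 53 refuses queries for zones it does not host: the registrar still
        # delegates to AWS, but no hosted zone backs that delegation any more.
        return "DANGLING: Route 53 server does not host this zone"
    return "investigate: unexpected %s" % rcode

def query_soa_rcode(ns_host: str, zone: str, timeout: float = 3.0) -> str:
    """Send the SOA query over UDP to `ns_host` and return its RCODE (needs network)."""
    query = build_soa_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (socket.gethostbyname(ns_host), 53))
        reply, _ = sock.recvfrom(512)
    if reply[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return parse_rcode(reply)

if __name__ == "__main__":
    # Assumed zone and nameserver; substitute the NS set your registrar shows for your domain.
    for ns in ("ns-123.awsdns-45.com",):
        print(ns, classify(ns, query_soa_rcode(ns, "example.com")))
```

Run it against every nameserver in your own domain's delegation; a single DANGLING result means the delegation should be removed or the hosted zone recreated before anyone else notices.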