The story of EV-SSL, AWS and trailing dot domains

labsdetectify

Hijacking of abandoned subdomains part 2

labsdetectify

MSN is vulnerable to this, as shown below. As we’ve said before, check and validate all your DNS Resource Records immediately. After our previous blog advisory about subdomain takeover, we were contacted by Szymon Gruszecki, an independent security researcher and a frequent reporter in the Facebook White Hat Bug Bounty. Prompted by our advisory, he got in touch with us to explain a different method, together with a live PoC.

Hostile Subdomain Takeover using Heroku/Github/Desk + more

labsdetectify