OWASP DevSlop – Diving Deeper Into Subdomain Takeovers & Mitigations by @shubs

▬▬▬▬▬▬   📝 ABSTRACT & BIO   ▬▬▬▬▬▬

In this episode of OWASP DevSlop we’ll be diving into different types of infrastructure takeovers, with a focus on subdomain takeovers, and how they can be leveraged by attackers and bounty hunters to create real security impact. Bug bounty hunters, defenders, and DevOps or DevSecOps practitioners should not miss this episode! We’ll be taking a look at different cloud infrastructure providers, cloud services, and how this often overlooked or misunderstood attack surface can translate into real security issues, as well as what defenders and developers can do about it.

Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter, ranked in the top 50 hackers on HackerOne, and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.

▬▬▬▬▬▬   🔗 LINKS   ▬▬▬▬▬▬

Ghostbuster https://github.com/assetnote/ghostbuster

https://blog.assetnote.io/2022/02/13/…

Other Resources

https://github.com/indianajson/can-i-…

https://gist.github.com/fransr/a155e5…

https://godiego.co/posts/STO-Azure/
