azure
-
How Hackers Compromise Subdomains: Subdomain Takeover in Depth Explanation with notes | By Alham Rizvi
active-directory, Asset Inventory, Automation, AWS, azure, bug bounty, bug hunting, Certificate Misuse, Cloud Services, Cloudflare, CNAME Takeover, DNS Misconfiguration, DNS Security, Domain Security, Ethical Hacking, GCP, hacking, Host Misconfiguration, Incident Response, networking, Penetration Testing, Public Footprinting, Recon Tools, Reconnaissance, Remediation, Secure Configuration, Security Research, Subdomain Enumeration, Subdomain Hijacking, Subdomain Takeover, Vulnerability Hunting, Web SecurityA subdomain takeover happens when a DNS record points a subdomain to a third-party service that no longer hosts it, and an attacker can claim that service and serve content from the victim’s subdomain. 1) What is a subdomain takeover? A subdomain takeover happens when sub.example.com has a DNS record (usually a CNAME or ALIAS)…
-
Recap Before diving in, let’s quickly recap the concepts we’ll explore in this room: Sessions and tokens. Authentication & Authorisation Authentication is the process of verifying your identity (are you J. Doe?). In contrast, authorisation determines what actions an identity can perform in a given resource (what can J. Doe do?). Sessions When you authenticate…
-
{Task 1} Introduction In this room, we’ll dive into different session types and how to investigate several log types at the application level to identify compromise. Learning Prerequisites Before diving into this room, it is recommended to complete the rooms below for better comprehension: Learning Objectives {Task 2} Recap: Session & JWT Recap Before diving in, let’s…
