Diving Deeper into Subdomain Takeovers & Mitigations with Shubham Shah

▬▬▬▬▬▬   📝 ABSTRACT & BIO   ▬▬▬▬▬▬

In this episode of OWASP DevSlop we’ll be diving into different types of infrastructure takeovers, with a focus on subdomain takeovers, and how they can be leveraged by attackers and bounty hunters to create real security impact. Bug bounty hunters, defenders, and DevOps or DevSecOps practitioners should not miss this episode! We’ll be taking a look at different cloud infrastructure providers, cloud services, and how this often overlooked or misunderstood attack surface can translate into real security issues, as well as what defenders and developers can do about it.

SHUBHAM SHAH

Shubham Shah is the co-founder and CTO of Assetnote. Shubham is a prolific bug bounty hunter in the top 50 hackers on HackerOne and has presented at various industry events including QCon London, Kiwicon, AusCert, BSides Canberra and CrikeyCon. In his free time, Shubham enjoys performing high-impact application security research.

▬▬▬▬▬▬   🔗 LINKS   ▬▬▬▬▬▬

Ghostbuster Resources
https://github.com/assetnote/ghostbuster
https://blog.assetnote.io/2022/02/13/dangling-eips/

Other Resources
https://github.com/indianajson/can-i-take-over-dns
https://gist.github.com/fransr/a155e5bd7ab11c93923ec8ce788e3368
https://godiego.co/posts/STO-Azure/

▬▬▬▬▬▬ 🎥 Producer ▬▬▬▬▬▬

Nancy Gariché ► https://www.linkedin.com/in/nancygariche

▬▬▬▬▬▬   🎙️Hosts   ▬▬▬▬▬▬

Bec ► https://twitter.com/errbufferoverfl
James ► https://twitter.com/devec0
Lilly ► https://twitter.com/attacus_au
Mimi ► https://twitter.com/p0kemina

▬▬▬▬▬▬   👋 Connect with Us   ▬▬▬▬▬▬

YOUTUBE ► https://www.youtube.com/c/OWASPDevSlop/
INSTAGRAM ► https://www.instagram.com/owaspdevslop/
TWITTER ► https://twitter.com/Owasp_DevSlop

▬▬▬▬▬▬ SHOW SPONSOR ✨ ▬▬▬▬▬▬

https://www.appsecengineer.com/