#subdomaintakeover — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #subdomaintakeover, aggregated by home.social.
-
Subdomain Takeover Vulnerabilities and Prevention
In this article, I cover:
* How subdomain takeover vulnerabilities occur
* Real-world exploitation scenarios
* Reconnaissance and detection techniques
* Practical prevention and DNS hygiene strategies
https://denizhalil.com/2026/02/16/subdomain-takeover-vulnerabilities-prevention/
#CyberSecurity #SubdomainTakeover #DNS #AttackSurface #BugBounty #RedTeam #BlueTeam #InfoSec #CloudSecurity #WebSecurity #EthicalHacking
-
Jo @LidlUS @lidl @LidlGB, didn't know you now also host fake versions of the New-York Times:
hxxps[:]//baustandards-qs[.]lidl[.]com
Seems a solid subdomain takeover?
Pointing to AWS: 72.144.31[.]24
-
Found a great #opensource tool to scan sites for a laundry list of vulnerabilities https://github.com/h4r5h1t/webcopilot.
Just used it to scan all my company domains, works great!
The tools integrated into this single app are the same tools "security researchers" use to scan sites for #xss #SQLi #ssrf #crlf #lfi #subdomaintakeover #openredirect, etc. vulnerabilities - into a single CLI tool.
Can also help avoid/confirm those "beg-bounty" situations where a simple misconfiguration is touted as a "critical vulnerability" because someone used a quick scanning tool to determine that sub-domain take-over is possible (very common, not critical, easy to fix), or missing DMARC records are present (which 98% of all Internet sites have issues with, and is very easy to fix) to demand a cash reward so they can "share additional critical vulnerabilities" that aren't a thing - they just want money.
Have fun!
-
MDEASM is a tool used by Microsoft Defender to detect expired subdomains which can be vulnerable to takeover. It continuously maps the external-facing resources across an organization's attack surface to identify, classify and prioritize risks, including subdomain expiration and takeover. https://techcommunity.microsoft.com/t5/microsoft-defender-external/identify-digital-assets-vulnerable-to-subdomain-takeover/ba-p/3700773 #MDEASM #MicrosoftDefender #SubdomainTakeover