Skip to content

Commit

Permalink
Fix Spelling Errors (#893)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jinsonvarghese
jinsonvarghese authored Mar 25, 2022
1 parent 3e78b0e commit 6e64180
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ...nfiguration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ A successful exploitation of this kind of vulnerability allows an adversary to c
1. The victim's external DNS server subdomain record is configured to point to a non-existing or non-active resource/external service/endpoint. The proliferation of XaaS (Anything as a Service) products and public cloud services offer a lot of potential targets to consider.
2. The service provider hosting the resource/external service/endpoint does not handle subdomain ownership verification properly.

If the subdomain takeover is successful a wide variety of attacks are possible (serving malicious content, phising, stealing user session cookies, credentials, etc.). This vulnerability could be exploited for a wide variety of DNS resource records including: `A`, `CNAME`, `MX`, `NS`, `TXT` etc. In terms of the attack severity an `NS` subdomain takeover (although less likely) has the highest impact because a successful attack could result in full control over the whole DNS zone and the victim's domain.
If the subdomain takeover is successful, a wide variety of attacks are possible (serving malicious content, phishing, stealing user session cookies, credentials, etc.). This vulnerability could be exploited for a wide variety of DNS resource records including: `A`, `CNAME`, `MX`, `NS`, `TXT` etc. In terms of the attack severity an `NS` subdomain takeover (although less likely) has the highest impact because a successful attack could result in full control over the whole DNS zone and the victim's domain.

### GitHub

Expand Down Expand Up @@ -106,7 +106,7 @@ The tester has the DNS zone file available which means DNS enumeration is not ne
## Remediation
To mitigate the risk of subdomain takeover the vulnerable DNS resource record(s) should be removed from the DNS zone. Continous monitoring and periodic checks are recommended as best practice.
To mitigate the risk of subdomain takeover the vulnerable DNS resource record(s) should be removed from the DNS zone. Continuous monitoring and periodic checks are recommended as best practice.
## Tools
Expand Down

0 comments on commit 6e64180

Please sign in to comment.