Simon spoke about DNS attacks at BSIDES NCL!

Simon discussing AWS Route53 NS takeovers
Simon discussing AWS Route53 NS takeovers


With so many of our talks taking us to Manchester and London, Simon jumped at the chance for a local talk in Newcastle!



BSIDES Newcastle is a fantastic event with some great talks around entry level robotic, SIEM automation, DevSecOps and fuzzing.

The swag was rather unusual (with succulents and Jam being handed out at the door 🌱) but it’s to be expected from a conference which had its very first year in a skatepark!

Simon gave an introduction to subdomain hijacking and his experience verifying subdomain takeovers when managing a clients bug bounty program. This experience, and his own research which followed, led to us releasing our own opensource tool dnsReaper.

The talk was recorded and you can watch it here: https://www.youtube.com/watch?v=GGfQlPZSRk4

What does dnsReaper do?

dnsReaper is a lightning quick auditing tool that detects subdomain takeover vulnerabilities in DNS.

You can run it adhoc, continuously, or in a ci/cd pipeline.

Most existing subdomain takeover tools require you to provide the domain list, which is fine for bug bounty hunting but not for auditing your own DNS. dnsReaper can fetch your domains through multiple mechanisms, or you can feed it a list of domains. It then produces a model of your DNS records and runs them through over 60 signatures.

Read more

For more information, email us at [email protected] or call us on 01609 635 932

Author

Simon Gurney

- CTO -

Simon is one of the Punk Security Directors and has over 17 years experience working within IT, primarily focused on automation and InfoSec.

read more