Simon spoke about DNS attacks at BSIDES NCL!
With so many of our talks taking us to Manchester and London, Simon jumped at the chance for a local talk in Newcastle!
BSIDES Newcastle is a fantastic event with some great talks around entry-level robotics, SIEM automation, DevSecOps and fuzzing.
The swag was rather unusual (with succulents and jam being handed out at the door 🌱) but it’s to be expected from a conference which had its very first year in a skatepark!
Simon gave an introduction to subdomain hijacking and his experience verifying subdomain takeovers when managing a client's bug bounty program. This experience, and his own research which followed, led to us releasing our own open-source tool, dnsReaper.
The talk was recorded and you can watch it here: https://www.youtube.com/watch?v=GGfQlPZSRk4
What does dnsReaper do?
dnsReaper is a lightning-quick auditing tool that detects subdomain takeover vulnerabilities in DNS.
You can run it ad hoc, continuously, or in a CI/CD pipeline.
Most existing subdomain takeover tools require you to provide the domain list, which is fine for bug bounty hunting but not for auditing your own DNS. dnsReaper can fetch your domains through multiple mechanisms, or you can feed it a list of domains. It then produces a model of your DNS records and runs them through over 60 signatures.
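To make the "model of your DNS records, then signatures" idea concrete, here is an added sketch of that audit loop; it is not dnsReaper's code or signature format. The `Domain` and `Signature` classes, the provider suffixes and the zone data are all constructed placeholders, and the DNS/HTTP lookups are replaced by dictionaries so it runs offline.

```python
from dataclasses import dataclass, field

@dataclass
class Domain:
    """One entry in the DNS model: a name and the CNAME targets it holds."""
    name: str
    cname: list = field(default_factory=list)

@dataclass
class Signature:
    """Hypothetical signature: provider suffix plus an 'unclaimed' marker."""
    title: str
    cname_suffix: str
    unclaimed_marker: str = None  # None means: flag on NXDOMAIN only

# Constructed signatures; the providers are placeholders, not real services.
SIGNATURES = [
    Signature("placeholder-pages", ".pages.example", "No such site here"),
    Signature("placeholder-bucket", ".storage.example"),
]

def audit(domains, resolves, bodies):
    """Return (domain, signature, reason) for each dangling CNAME.
    resolves (target -> bool) and bodies (name -> HTTP body) stand in
    for live DNS/HTTP lookups so the example runs offline."""
    findings = []
    for d in domains:
        for target in d.cname:
            t = target.rstrip(".").lower()
            for sig in SIGNATURES:
                if not t.endswith(sig.cname_suffix):
                    continue
                if not resolves.get(t, False):
                    findings.append((d.name, sig.title, "target is NXDOMAIN"))
                elif sig.unclaimed_marker and sig.unclaimed_marker in bodies.get(d.name, ""):
                    findings.append((d.name, sig.title, "provider reports unclaimed"))
    return findings

# Constructed zone data and lookup results.
ZONE = [
    Domain("www.corp.example", ["corp.pages.example."]),
    Domain("old.corp.example", ["retired.pages.example."]),
    Domain("files.corp.example", ["gone.storage.example."]),
    Domain("mail.corp.example", ["mx.other.example."]),
]
RESOLVES = {"corp.pages.example": True, "retired.pages.example": True}
BODIES = {"www.corp.example": "<h1>Welcome</h1>", "old.corp.example": "No such site here"}

print(audit(ZONE, RESOLVES, BODIES))
```

A finding here means the record should be removed or the provider resource reclaimed by the zone owner.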