LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Subdomain takeover amazon S3

2 months ago 38
BOOK THIS SPACE FOR AD
ARTICLE AD

How to perform subdomain takeover on amazon S3

Hicham Almakroudi

Photo by Christian Wiediger on Unsplash

In this article the following will be covered/explained:

What is amazon S3?Prerequisites for S3 subdomain takeoverHow to perform subdomain takeover on amazon S3Challenge (Test what you read on a test subdomain I own)

Amazon S3
Amazon S3 is a service provided by amazon to store data, It is also possible to host a static website on S3, which makes it possible for hackers to perform subdomain takeovers and use it to perform phishing attacks.

In 2020 Microsoft forgot about several subdomains, malicious actors managed to take over 4 of them and advertise Indonesian casinos there. This shows the impact a subdomain takeover can have, the issue was fixed quickly by microsoft. But if you want you can check out the waybackmachine and see the advertisements that were temporarliy hosted on these subdomains in 2020. The subdomains were:

portal.ds.microsoft.comperfect10.microsoft.comies.global.microsoft.comblog-ambassadors.microsoft.com
Read Entire Article
  3. Subdomain takeover amazon S3

Related

Week 3: When the Drive to Work Fades

Week 3: When the Drive to Work Fades

SSRF(Server-Side Request Forgery)

SSRF(Server-Side Request Forgery)

Mastering Web Application Pentesting Part — II

Mastering Web Application Pentesting Part — II

GitTrash: Digging Deep into Git Repositories for Hidden Treasures

GitTrash: Digging Deep into Git Repositories for Hidden Treasures

Bug Bounty Beginner’s Roadmap-02

Bug Bounty Beginner’s Roadmap-02

My OSWA Experience

My OSWA Experience

Trending

1. Zimbabwe vs Pakistan
2. Nanded Lok Sabha
3. IPL Auction 2025
4. Man City vs Tottenham
5. Hemant Soren
6. IPL Auction 2024
7. Ajit Pawar
8. F1
9. Amit Thackeray
10. Wayanad Election Result

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved