One common security threat is stale subdomain names left exposed in DNS. A subdomain that still points to a third-party service that is no longer in use makes it possible for a malicious hacker to register the subdomain on that third party and (effectively) hijack it. Some issues of this kind have already been published on our blog.
Detectify provides a tool that allows you to monitor subdomains for such vulnerabilities based on your domain names. The Detectify Domain Monitoring Service continuously monitors changes within public DNS resolvers and warns you as soon as it detects any anomalies.
To be able to use this service we need two things:
There are two scenarios for using our service.
The customer needs to provide us with the master file for their DNS. This file contains the subdomains they want us to monitor. Initially they need to send us this file via email.
There are some requirements on the file:
The customer needs to whitelist our external IPs in their DNS for zone transfers. How to do this depends on which DNS server they are running, but the option should be among the DNS settings.
The second step is that we need an address or IP for the name server we should use and the zone that we should transfer (most likely the domain they want to monitor, so example.com if they want to look for subdomain takeovers under it).
In this scenario the customer doesn’t have to provide us with any additional information. We will use a combination of techniques to try to enumerate the subdomains.
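To make the takeover risk and the master-file scenario above concrete, here is an added example (not Detectify's code) that reads a DNS master file and lists the CNAME records pointing outside the zone, which are the records worth monitoring. The zone contents, hostnames and the function name `external_cnames` are constructed for illustration, and the parser assumes one record per line with numeric TTLs.

```python
# Added example: find CNAMEs in a zone master file that point outside the zone.
# Simplified parser: one record per line, numeric TTLs, no $INCLUDE or "(...)".

SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA   ns1 hostmaster 1 7200 900 1209600 3600
@        IN NS    ns1
ns1      IN A     192.0.2.1
www      IN CNAME web                            ; alias inside the zone
shop     300 IN CNAME store.thirdparty.example.  ; third-party service
blog     CNAME pages.hosting.example.
docs.example.com. IN CNAME example.com.
"""  # constructed sample data

CLASSES = {"IN", "CH", "HS"}

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def external_cnames(zone_text, origin=None):
    """Return (owner, target) pairs for CNAMEs whose target is outside origin."""
    results, last_owner = [], None
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]              # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):            # $TTL and other directives
            continue
        if raw[0].isspace():                     # blank owner: reuse previous one
            owner = last_owner
        else:
            owner = last_owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                        # skip optional TTL and class
        if len(fields) >= 2 and fields[0].upper() == "CNAME":
            target = absolute(fields[1], origin)
            # Compare on a label boundary so "notexample.com." is not "in zone".
            if target != origin and not target.endswith("." + origin):
                results.append((owner, target))
    return results

if __name__ == "__main__":
    for owner, target in external_cnames(SAMPLE_ZONE):
        print(f"{owner} -> {target}")
```

Each pair returned is a name whose content is controlled by another provider, so it is a candidate to re-check whenever that service is decommissioned.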
If you are interested in knowing more about the Detectify Domain Monitoring Service, just reach out to us via our Request a live demo page.