by mindingdata 3251 days ago
There was this thing called "Hostile Subdomain Takeover" where a company would point a subdomain to a particular SaaS product (say, Zendesk); some time later they would cancel their subscription but not change the A record.

Someone could then go and register a new Zendesk account (if the service doesn't require proof of ownership of the domain) and say that they want to use the same subdomain. Now they have a Zendesk account with the URL of http://help.somedomain.com, as an example, and they can phish people quite easily.

Anyway, the reason I bring it up is because for a while, I saw people spamming the shit out of bug bounties with this stuff. Because it's super simple to do.

So I'm not sure what is more lucrative for an average joe: actually learning proper techniques, or trying to piggyback on some low-hanging fruit that may be easy to automate.
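
Added example, not code from the thread: a small Python audit that parses constructed zone records and flags CNAMEs pointing at tracked third-party hosts whose target no longer resolves, which is the dangling-record state the comment describes. The provider suffix list, the zone lines and the resolver answers are all constructed here; swap in a real resolver for your own zones.

```python
# Added example (not from the HN thread): audit a DNS zone for records that
# delegate a subdomain to a third-party SaaS host and flag the ones whose
# target no longer resolves. Such "dangling" records are the precondition
# for the takeover the comment describes.
from typing import Callable, Dict, List, Optional

# Hypothetical list of third-party hosting suffixes worth tracking.
THIRD_PARTY_SUFFIXES = (".zendesk.com", ".github.io", ".herokuapp.com")

# Constructed BIND-style zone records for a made-up domain.
SAMPLE_ZONE = """
help.example.com.    300 IN CNAME example.zendesk.com.
docs.example.com.    300 IN CNAME example-docs.github.io.
www.example.com.     300 IN A     192.0.2.10
old.example.com.     300 IN CNAME retired-app.herokuapp.com.
"""

# Constructed resolver answers standing in for live DNS; None means NXDOMAIN.
FAKE_ANSWERS = {
    "example.zendesk.com": "198.51.100.5",   # still claimed by us
    "example-docs.github.io": None,          # Pages site was deleted
    "retired-app.herokuapp.com": None,       # app was removed
}


def fake_resolve(host: str) -> Optional[str]:
    """Offline stand-in for a DNS lookup; replace with a real resolver."""
    return FAKE_ANSWERS.get(host)


def parse_zone(text: str) -> List[Dict[str, str]]:
    """Parse 'name ttl IN type target' lines into dicts; skips malformed lines."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        name, rtype, target = parts[0].rstrip("."), parts[3], parts[4].rstrip(".")
        records.append({"name": name, "type": rtype, "target": target})
    return records


def find_dangling(records: List[Dict[str, str]],
                  resolve: Callable[[str], Optional[str]] = fake_resolve) -> List[str]:
    """Names of CNAMEs pointing at a tracked provider whose target does not resolve."""
    return [r["name"] for r in records
            if r["type"] == "CNAME"
            and r["target"].endswith(THIRD_PARTY_SUFFIXES)
            and resolve(r["target"]) is None]


if __name__ == "__main__":
    for name in find_dangling(parse_zone(SAMPLE_ZONE)):
        print(f"dangling third-party CNAME: {name}")
```

A target that still resolves is not proof the resource is still yours, since some providers answer for unclaimed names with a placeholder page, so cross-check flagged and unflagged records against the subscriptions you actually hold.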

1 comment

This is definitely still a thing.