f:["$","$L17",null,{"module":{"slug":"module-15","title":"Subdomain Takeovers","description":"Identifying and verifying subdomain takeover vulnerabilities.","order":15,"sections":[{"id":"mechanism","title":"The Mechanism","type":"content","content":"\n

\n 1. Company creates `promo.target.com` pointing to `target.github.io`.\n
\n 2. Promotion ends. Company deletes the GitHub page.\n
\n 3. DNS record `promo.target.com` -> `target.github.io` still exists.\n
\n 4. Attacker claims `target.github.io` on GitHub.\n
\n 5. Attacker now controls content on `promo.target.com`.\n

\n "},{"id":"tools","title":"Subjack","type":"content","content":"\n

Automated Checking

\n Tools like Subjack and Nuclei check for known \"fingerprints\" of unclaimed services (Heroku, GitHub, AWS S3, Shopify).\n

\n "},{"id":"quiz","title":"Takeover Quiz","type":"quiz","quizQuestions":[{"id":1,"type":"multiple-choice","question":"What is the root cause of a subdomain takeover?","options":["Dangling DNS record pointing to an unclaimed third-party resource","Weak administrative password","SQL Injection in the login page","Outdated web server software"],"correct":"Dangling DNS record pointing to an unclaimed third-party resource"}]}]},"courseSlug":"web-reconnaissance","nextModuleSlug":"module-16"}]