A Novel Framework For Detecting Subdomain State Against Takeover Attacks

University essay from Högskolan i Halmstad/Akademin för informationsteknologi

Abstract: The Domain Name System (DNS) oversees the internet's architecture, providing pointers to both internal and external services. Consequently, enterprises increase their attack surface while simultaneously increasing their exposure to potential cyber threats. Subdomain takeovers happen when a subdomain leads to a website that no longer exists. As a result, the subdomain will be under the control of an attacker. A compromised subdomain may be the access point for many attacks, such as information threats, phishing attacks, infrastructure intrusion and many more. Subdomain takeover attacks are one of the overlooked attack surfaces in cyber security. This thesis aims to investigate subdomain takeover attacks: how the attacks happen, the methodology an attacker follows, and the drawbacks of the current strategies and tools used as countermeasures against subdomain takeover attacks. The research focuses on preventing an intrusion from happening, from an enterprise standpoint. A new custom framework which resolves subdomain takeover attacks was developed. A comparative study of the newly developed framework and the existing open-source tools, and of their responses to an attack scenario, is also made. A comparison of the leading cloud platforms, and of their existing security features and mitigation measures for similar attacks and threats, was also conducted.
