Is your code secure? Use this FREE tool (CodeSec) to find out: bit.ly/3tcPUQx TOOLS USED IN THIS VIDEO --------------------------------------------------- - AMASS: github.com/OWASP/Amass (find subdomains) -TakeOver: github.com/m4ll0k/takeover (subdomain takeover vulnerability scanner) -Dig (apt install dig) 🔥🔥Join Hackwell Academy!: ntck.co/NCAcademy 0:00 ⏩ Intro 0:18 ⏩ How subdomain takeover works 1:59 ⏩ Why Subdomain takeovers are dangerous 2:33 ⏩ Make sure your code is secure using codesec! 4:06 ⏩ find our targets subdomains using Amass 5:06 ⏩ The username is not available 5:57 ⏩ IT actually worked!! 6:17 ⏩ Once you’re in github… 6:58 ⏩ The same thing can happen with Azure 7:45 ⏩ so how do you protect your website

This goes even deeper... you own a DNS name and then abandon it after several years... (perhaps an unforeseen event or your start-up fails)... Some 3rd party eventually purchased my old domain and used the way back machine to re-create the website... WARNING... think hard before abandoning a domain name!

I don't get it, if the website is deployed from github, why would you ever delete your github account? You would have probably switched to another repo or just uploaded the files directly to your server before you delete your account while your website is still dependent on it. I also don't understand why this is only a vulnerability with subdomains.

Thanks for your video. I learns a lot and useful to my job.

i feel like this video was inspired by the "Avoiding DNS Pain" NDC talk that was uploaded 3 weeks ago. they cover this exact problem and also one solution (basically DNS as code like infrastructure as code).

This happens all the time even for large companies including microsoft, amazon, walmart, etc that people use subdomains to send spam mail from the main domain from the actual company making hard to block spam mail because you can't just block the email address or the domain because you might actually want email from the actual company. Most email services don't allow blocking subdomains only email addresses themselves or primary domains. So people just make infinite amounts of sub domains for the primaries of an actual companies domains making it hard to block spam. At times it almost feels like the spammer have hacked the mail servers themselves and using it to spam and it's even funner when they are able to send spam mail out with no email address at all because the servers don't check to see is the account sending actually exist or even cares if the send mail is blank. It's even more fun when some emails services have auto avatar and names loading that get associated with the spammers email making it even look more like a real email. It's kind of hard for me to explain this lol.

Remember kids ... it's always DNS, always.

The worst part of this...as an end user, there is really no way of knowing if this happened. You can get an SSL certificate for the redirected subdomain, which means HTTPS will work fine.

Love your content.....keep doing great things!

For my company, our security requires any external facing sub domains can only be on 443, no 80 or re-directs like this shown. The owner has the attest to it and put new certs every 90 days and we monitor all external facing URL's. This is a serious open window that a lot of corporations do not even bother to worry about. But I'm glad I work with and lead one of the best IT security teams in my industry where we are constantly 5 steps further then what is required for our various regulations (PCI/ISO/SEC/FRB/etc...)

Thanks for the video Chuck! It will definitely all the website developers!

Always remember kids - "It's only for educational purposes"

Thanks for this vid! I have been looking into domain take over a bit recently and this really clears it up for me.

Super video Chuck Your videos are awesome And informative 👍🏿

I saw something recently call no-code programming. Can you give your perspective on it?

Mr Beast Game sweatshirt 😂😂😂 btw. i love your videos!

Your new studio is nice .... but I like the previous one more😂😅

Now I know the difference between real voice chuck and content creator chuck. BTW luv the videos !

Nice new studio 🤩

NetworkChuck: You'res could be next Me who dosent have money for domain: yes.

LESGOOO FIRST COMMENT! keep the vids coming love your content

you are doing such a fabulous job 😜

Another video by chuck Thank Goodness

There are actually some commercial vendors that do monitor for this kind of stuff (RiskIQ being one), it's not cheap, but it does do a decent job of detecting this.

You are better than any AI !

Amazing video. Also can we get a kali Linux intro series

Great video, please coninue making these kinds of videos

Keep going men I love your content it's very helpful thank you ♥️

Best prevention is to not have a website

I love your content so much chuck

There is somebody exploiting your number 2 before you had a chance to film. Proof positive that somebody is always trying to mess with your sh*t.

…that was quick. I am glad I grabbed my small coffee mug.

Now this is something of my interest

Great vid. subfinder, sublist3r, findomain, assetfinder, subjack and subzy can be used for that purpose too. :)

Just curious what is your input in the targets.txt file ?

Nice video, just a question. If you have control of the main domain and delete the entry for the subdomain that was took over, that would be the end off correct? Or is there a way to take full control of asub domain regardless of the main domain DNS records?

Is there a free hacking software for Windows? Like the one you use in Linux but then for Windows?

Yes but if you use A record instead of CNAME aren't you more safe?

What about a subdomain takeover with Fastly?

Great video as always. I notice that you display the ANM27T! I just got some too!

This is as powerful as giving Blue tick for 8$ and achieve any identification and status with a unethical or biased thoughts

MrBeast Gaming Hoodie. Like a KING

Thank you for this very informative video, so could you please do a video on the best method to secure DNS and a site? Thanks.

Thank you sir for another great video, been getting much great lesson from your channel 👍

Love your videos. Always awesome. Something I have always been curious about. What do you use to draw on your desktop?

loved your all content sir

That's something big companies wouldn't do. Nice video, but no big company would do this.

I hold ANM27T. Very promising project, and its ecosystem maintains complete anonymity

This is terrifying.

@networkchuck can you please make a video of your tools and gadgets?! We need to know. Like a tour of your desk :p

Hey bro, love your content a lot

So cool content and so less likes. Shame in you guys. Thanks for this.

Very very interesting video, sir puted in a very cool and funny way :) You got a sub from me!

is it possible to takeover the maindomain from a subdomain ? Greets

How to run tool in kalilinux from any path ?

* Insert gif of Captain Holt saying “Bingpot!” here *

I didnt know about this, looks scary.

Sorry I don't understand the part that you created file called fun html.

4:15 is all of us before we found you

New week up as many FOMO in. But the ANM27T story isn’t over yet. The only strat that works under all circumstances is DCA all the time with solid, large companies (not hyped ones).

I'm loving this!!

Bro, i bought ANM27T in September after your video. i'm up 79%.

Please make videos on (Bug Bounty) techniques..........

Love your videos ❤

Did mr. Beast sponsor this video btw i love your video

CodeSec!! 🎉

Its always DNS when something bad happens... when there is access issues, its always the network... ALWAYS!!! when I call our NOC "Oh, thats odd, just a second... okay I didnt find anything wrong, can you try again?" "wth its working now!??!" "Yeah, there was nothing over here, musta been a bug on your side" This is every convo with a network admin ever... they always fix a little mistake they found but never fess up to it...

I have a question. Is this DNS rebinding?

Will you make any research videos about ANM27T

This man got me all the time 🔥💥

The reason I got ANM27T is because I believe decentralization is more important than anything else.

what happens if I go to a suspicious link and it crosses out and clears the log, can the page still retrieve data?

How to get the takeover tool. I didn't find in github

As a front end developer, I understand nothing from the code you wrote

I love this guy, I've learned a lot from you sir

ANM27T at less than $1. is like BTC at $100. When ANM27T finally blows it's gonna be epic.

ANM27T has as much potential as ethereum. But unlike ethereum it has a bigger growth potential.

make a course on ceh practical

What's better holding into crash or being safe with ANM27T tell me

Lesson to be learnt. Don’t use cname record. Specially if you’re going to encrypt using https. Better off using A records. Don’t be lazy!

TakeOver Script is not available on this user where can i find this exact script?

Awww chuck loves mr beast merch 😌😌😌😌❤️

Nice hairstyle bro!

This week is hell and a bloodbath can happen but why we don't discuss the fact that Amazon also released their ANM27T in it? Always two sides of a coin

It just misses the point on why this can be so effective - if the original creator of the website links it IN his website, it's legit in the eyes of end-user and little to no precaution is taken.

You would need to know that the GETHUB was available and a DNS record was pointing to it....highly unlikely to happen.

@NetworkChuck - You mention this is untraceable a few times. Off the top of my head, you could get insight via: 1) DNS Token canary (alert when hostname is requested). 2) URL Token canary (alert when URL is visited). Q - Any way to mitigate this with server side permissions or CloudFlare ? I used a PDF canary to track a document (as there was a suspected bad actor) and was able to then get public IP's and some geo data from the WAN they were connected to when opening the document. Proved the suspicion, and then the Executives got talking to the lawyers / police etc.

Wow superb Boss 👍👍

i'm surprised GitHub makes usernames available after only 90 days it should be 365 days same with all socials or logins minimum

I don't know how that works precisely, but wouldn't they have to have valid SSL certificates? They could likely get one easy enough, but even for my small domain I get warnings of certificates are issued, so I'd notice if an certificate is issued without it being from me or my services. EDIT: Yup, going by you completing a DNS Challenge you had to get a certificate so that'd protect me. Also I don't point any of my subdomains to some route out of my control, so even not looking for certificates I should be fine as long as that's the case. And even if I do that, these will be the only kind of subdomains attack able with that exploit.

takeover moved or was deleted

NO, its not always DNS! Stopping blaming me! Granted I only manage internal, but still. I'd love to pick your brain about an issue but I ain't got that kind of $$.

How do you feel about ANM27T moving into the nft marketplace? Is it still a buy?.

Same thing I did to take over Facebook account in old days. when an email IDs gets deleted because u didn't logged in for 6 month 😆

It's always DNS accept when it's a buffer overflow.

On ANM27T go long when the sell pressure reduce.

Gosh darn dangling pointers.

ANM27T, you've done an amazing job. How are you going to make all of these films and write all of the text in such a short amoun

don't have one, jokes on them 😅.

Everyone waited for Amazon to create ANM27T and the time is ready